Access to Innovation
Access to Capital
Access to Talent
Access to Market
Access to Knowledge
Date Trend snippet:
21 December 2021
Relevance date:
2020, 2021
Type of Treath or Oppertunity
Domain of application
Source of threat
- Home >
- Services >
- Access to Knowledge >
- Trend Monitor >
- Type of Threat or Opportunity >
- Trend snippet: Online fraud continues to be effective
Trends in Security
Trends in Security Information
The HSD Trendmonitor is designed to provide access to relevant content on various subjects in the safety and security domain, to identify relevant developments and to connect knowledge and organisations. The safety and security domain encompasses a vast number of subjects. Four relevant taxonomies (type of threat or opportunity, victim, source of threat and domain of application) have been constructed in order to visualize all of these subjects. The taxonomies and related category descriptions have been carefully composed according to other taxonomies, European and international standards and our own expertise.
In order to identify safety and security related trends, relevant reports and HSD news articles are continuously scanned, analysed and classified by hand according to the four taxonomies. This results in a wide array of observations, which we call ‘Trend Snippets’. Multiple Trend Snippets combined can provide insights into safety and security trends. The size of the circles shows the relative weight of the topic, the filters can be used to further select the most relevant content for you. If you have an addition, question or remark, drop us a line at info@securitydelta.nl.
visible on larger screens only
Please expand your browser window.
Or enjoy this interactive application on your desktop or laptop.
Online fraud continues to be effective
Criminals continue making significant profits as well- known types of online fraud continue to be effective. While criminals have not had to re-invent their modi operandi, they continue to refine them, making them more targeted and technically advanced. Investment fraud has become a significant concern, as phishing and social engineering have further increased to generate considerable criminal proceeds. As the COVID-19 pandemic restricts travelling, the shift to online shopping has multiplied opportunities for fraud.
More source info
4.1 Criminals mix modi operandi as phishing and social engineering increase
The past 12 months have seen a further significant increase in phishing and social engineering. Facilitated by the ongoing pandemic, the number of COVID-19- related phishing attempts conducted above all via telephone (vishing) and text messages (smishing) has risen considerably. While tried and tested social engineering approaches still work very well for criminals, phishing campaigns continue to evolve.
Compromised information from data breaches is easily and increasingly available. Criminals have increasingly made use of this opportunity to improve their chances of success by creating highly targeted campaigns. Traditionally successful crimes such as business email compromise, CEO fraud, extortion and various types of scams, all profit from the availability of potential victims’ personal data. As this data can be key in improving the success rate of criminal activities, this has led to a perpetual fraud cycle, in which the black market for compromised information is booming.
Vishing and smishing have particularly profited from the exploitation of stolen data. In combination with spoofing, whereby victims are contacted using legitimate-looking caller IDs or text aliases, criminals have lent these types of fraud attempts significant credibility.
In line with other developments, fraudsters more often combine traditional social engineering attempts with technical components to target especially elderly victims. The increased use of remote access trojans (RATs) in vishing, for instance, exploits a lack of technical knowledge on the part of the target, potentially leading to full account access and significant financial harm.
In light of the COVID-19 pandemic, criminals have used vishing to gain access to victims’ bank accounts in countries in which medical services are linked to mobile bank IDs. In these cases, criminals contact citizens over the phone and ask them to identify themselves for the purpose of arranging a vaccination appointment or other medical services. Criminals have exploited this circumstance to convince victims to provide their identity documents to log into bank accounts and unknowingly transfer money to the criminals.
With smishing, criminals have employed a diverse mix of modi operandi, contacting victims through text messages to request information, redirect to phishing websites, or distribute malware. The Classiscam (see below) and Flubot (see 2.2) campaigns demonstrate this versatility. On the other hand, SIM swapping appears to have stabilised throughout Europe, in part due to technical mitigation measures and the move away from text-based two-factor authentication.
Still, some countries have seen a sharp increase, as criminals have further refined their approach and often profited from new data leaks.
A notable example of this development is the Classiscam scheme. Classiscam is an automated scam-as-a-service that propagates via Telegram and WhatsApp bots, providing fraudsters with pre-made pages intended to steal banking information from customers. Classiscam initially focused on delivery services, and subsequently expanded to online marketplaces and classifieds.
4.2 Investment fraud, BEC and CEO fraud cause devastating losses
The top threats in the area of non-cash payment fraud relate to investment fraud, business email compromise and CEO fraud, as criminals further refine and improve their modi operandi. Investment fraud has emerged as the most dominant type of fraud in the last 12 months. While last year put this type of crime on the map properly for the first time, criminals have continued to target victims with fraudulent investment opportunities. With different assets on offer, cryptocurrencies emerged as the most popular, as the price surge earlier in 2021 attracted a number of new investors. Fake investment websites are particularly suited in this context, since criminals can exploit lack of knowledge and, in some jurisdictions, regulatory hurdles regarding access to cryptocurrency exchanges.
This mixing up of different modi operandi is a key trend in investment fraud. Increasingly, criminals are hitting their victims twice: following the theft of the investments, criminals contact the victims pretending to be lawyers or law enforcement agents offering help to retrieve their funds. With the help of spoofing and detailed knowledge about the theft, they are often able to defraud their victims several times.
Investment fraud poses a significant challenge for law enforcement. The use of cryptocurrencies means that perpetrators can launder criminal proceeds quickly and efficiently, while uncooperative exchanges, or those with weak KYC measures, make them difficult to identify. At the same time, fake investment websites do not directly target legitimate financial institutions, but abuse their brands to target members of the public, leading to a decreased incentive for the industry to take action.
As investment fraud takes the spotlight, business email compromise (BEC) and CEO fraud have remained key threats in the past 12 months, with some countries reporting a further increase in the number of cases. Continuing to lead to significant losses, both types of crime have grown in sophistication and become more targeted. Heavily relying on social engineering, attacks have increasingly focused on upper-level management, as well as on impersonating other staff members or changing invoice data in commercial transactions.
Source:
Report
Internet Organised Crime Threat Assessment (IOCTA) 2021
Date published
11 November 2021
