Mobile phone fraud has multiplied during the COVID-19 pandemic, with fraudsters exploiting people with everything from attempts to steal money or trick people to pay for fake vaccines to romantic scams, IRS scams and even ransom attempts on fake kidnappings. And mobile banking fraud is part of it.
In fact, more than half of Americans have received fraudulent calls and / or text messages (smishing) in the past year. according to Truecaller. And while most have not taken the bait, nearly 60 million Americans have reported being the victims of phone fraud, resulting in a collective loss of about $ 30 billion.
“Many suggest you have a payment, or a thank you for your payment, or say‘ Click here to complete a survey, ’” says Wade H. Barnes, a practical financial services leader at Hartman Executive Advisors in Timonium, Maryland. “In any case, the threat actor wants you to click on a link where they will either ask for your user credentials or try to install malicious code on a mobile phone.”
Bad actors can identify a person’s cell phone carrier and send a knockout attack on a pending payment in an attempt to gain access to a user’s account, he says. By gaining access to a cell phone account, fraudsters can capture text messages with multi-factor authentication and use that to attack the victim’s work, email, or bank accounts.
Reducing cell phone bank fraud
To reduce cell phone bank fraud, more banks are implementing multi-factor authentication directly through their cell phone app, which is much harder to fake because the app is registered to a specific device, Barnes says. To re-download the app, a scammer would need credentials not only for the phone number and the app, but also for the app store.
One popular social engineering scam involving a cell phone – a phone hijacking scam – came a little too close to home for Robert Johnston, CEO of Adlumin, a Washington-based cybersecurity and compliance software provider.
“The scammers called a member of my family at about four in the morning, using phone masking technology on a voice internet phone, pretending he was using another close relative’s phone,” Johnston says. “He said he kidnapped the relative — with a woman crying in the background — and demanded that he pay the kidnappers $ 1,000.”
The fraud demanded only $ 1,000 because it is a small enough amount that many people would pay for it if they could not reach their family to confirm whether the kidnapping was legitimate, he says. Johnston’s family paid the ransom to an anonymous Venmo account, but fortunately for them, Venmo marked the fraudster’s account in response to earlier reports from other victims of the fraud, so the payment did not go through.
Banks also need to take precautions against internet fraud when their remote employees log on to work-related applications using their personal cell phones, Johnston says. It is much safer for remote workers to use a bank’s virtual private network (VPN) to view customer financial information on their computers.
“In these cases, the point of defense may not be on the actual phone,” he says. “Instead, banks need to protect their functional technology and infrastructure from those threats to ensure they defend their bank from mobile attack vectors.”
The need for contactless payments rose during the pandemic, and so did the fraud of person-to-person payment, Lauren Iuliucci, a senior product manager at Neustar Inc., said on BAI website. Through phishing tactics, fraudsters have found ways to get consumers to send them payments via Venmo, Zelle and other P2P services. The most common is purchase fraud, which convinces consumers that they are paying for a good or service they will never receive.
Overall, the pandemic has “certainly created momentum” around cell phone fraud, she says, but if banks implement solutions to assess and identify all interactions and touchpoints, they can better “detect those riskier scenarios that could have come out of action. “
Katie Kuehner-Hebert is a BAI Banking Strategies contributing writer.
Explore ways to curb the rise of bank-related fraud in the BAI Executive Report, “Banks withdraw against rising fraud”.