Banking scams have seen a 40% increase in the first six months of 2019, according to a report from leading banking body, UK Finance. The total amount of money stolen from individuals and businesses in this period now stands at £616m – a significant shift from the same period of the previous year.
How do these banking scams work?
Neuways highlighted a notable increase in banking scams earlier this year. We found that sophisticated social engineering techniques, and an overall lack of phishing awareness, have contributed to the rise in fraud.
Known as authorised push payment (APP) fraud, UK Finance found that criminals use a variety of methods to trick their victims into transferring money, knowingly or unknowingly, to a bank account belonging to the criminal.
Some hijack their victim’s email account by sending a seemingly authentic phishing email, leading to the victim submitting their credentials, thereby delivering access to the account. With access to a business’s email account, the criminal can then assess who they do business with and send fake invoices.
Another method is the setting up of a ‘copycat’ email address and sending a well-designed spoof invoice to the victim. This particular method of phishing sees criminals trawling social media for evidence of habits and business relationships, before tailoring a malicious email exactly according to what the victim might expect.
The common trend here is that impersonation spoofing is on the rise.
How a criminal stole £200,000 in a matter of days
Earlier this year, there was a high-profile example of this in which an employee was sued for falling for an email scam.
In this particular case, a cyber criminal impersonated the manager of a business, leading to the employee parting with almost £200,000.
Yvonne Bremner (the employer) went on holiday to Tenerife. Evidently, the cyber criminal knew exactly when the boss would be absent and unavailable to contact because later that day, Patricia Reilly (the employee) received a request via email from “Yvonne Bremner,” requesting that £24,800 invoice be transferred to another company following recent business.
The payment was made, in addition to another £75,200 only three days later from an email address claiming to be the boss. With no manager on-site, the employee proceeded to pay these spoof invoices to a total of £193,250.
These funds went straight into the bank account of the criminal and only £85,000 was recovered, meaning the criminal made off with almost £120,000, simply due to a well-coordinated phishing attack.
‘Digital skimming’ and website payments
Digital skimming is the theft of debit and credit card details through online transactions. It’s a method of fraud that is on the rise, with British Airways and Equifax amongst the businesses to be targeted.
How it works is that cyber criminals inject the business’s website with malicious ‘skimming code’. This then allows the hacker to harvest and monitor data flow on the website, including financial transactions. It’s the equivalent of a commercial fishing trawler using a large net when fishing. All of the information is relayed to the hacker.
What makes this dangerous is that it often takes a while for businesses to notice that this code is active on their website. It took Equifax, for example, a whole two months before they realised that customer information was being harvested. This led to a £500,000 fine by ICO (Information Commissioner’s Office), the UK data watchdog.
How much money is typically recovered?
UK Finance found that only 19% of funds stolen via banking scams, is successfully recovered. This is down on previous years, meaning that criminals are increasingly getting away with this type of fraud.
It’s essential that all of the measures are in place to prevent this fraud from occurring in the first place. Whether it’s IT awareness training to invest in your staff’s overall awareness, or beefing up your email security, there are a variety of steps you can take to stop this fraud at source.
Because the chances are, if you suffer a fraudulent attack like this – you’re probably not getting your money back.
Don’t become another victim. Contact Neuways on 01283 753 333 or at firstname.lastname@example.org.