Phish, RATs, and Mules – Scams that make up the new fraud menu

Fighting financial scams has always been a task as chaotic as feeding time at the zoo. But as remote access attacks and money laundering join phishing as some of EMEA’s most common digital crimes, cybersecurity has become a whole different animal—with fraudsters controlling and ruining the lives of more victims than ever before.

Today, scams represent a staggering 52% of all reported fraud in EMEA. As daily life grows more digitised, amidst a backdrop of financial uncertainties like the cost-of-living crisis, cybercriminals are exploiting vulnerable customers in a myriad of new and innovative ways.  

Stifling the record levels of fraud seen across the region is therefore a top priority for many banks. But to break the curve, we first need to break down the fraud landscape to identify priority areas and implement innovative solutions.  

Financial institutions must recognise that cybercriminals have now pivoted from attacking systems to attacking individual humans. So, it's time to start shifting weight when it comes to tackling fraud and ensure that consumers can feel safe and secure about their financial futures. Let’s explore the current fraud climate, including the types of scams, their risks, who is most vulnerable, and what organisations can do to safeguard their customers.

Prevalent scams across the UK and EMEA 

Authorised Push Payments (APP) scams are the number one cause of fraud losses in the UK, and are growing in volume across the rest of Europe. Identifying and managing mule accounts has also become a key focus for banks, particularly since the introduction of the Payment Systems Regulator (PSR) and a potential change in liability.  

Meanwhile, smartphone-related scams continue to rise. Though the practice originated in Brazil, reports in Spain show fraudsters are using stolen iOS devices to exploit security weaknesses across Europe. Plus, phishing sites are being used in conjunction with smishing texts to illicitly obtain user credentials and execute an account takeover.   

Last but not least is the threat of remote access fraud, specifically remote access tools (RATs). Today, 12% of all incidents of fraud in EMEA indicate the presence of a RAT, with this number only set to escalate without swift intervention. We need to take a deeper dive into this growing trend. So, how do RAT attacks work? And who is most vulnerable? 

Smelling a RAT 

Remote access tool (RAT) scams use social engineering tactics to deceive victims into providing remote access to their computers, via a legitimate remote access tool such as TeamViewer, LogMeIn, GoToMeeting, or similar remote desktop software. They most often originate with impersonation scams, where the fraudster initiates the scam by contacting the victim and pretending to be a trustworthy entity like the bank, police, or government. Then, once given permission to take over the device, the scammer can steal personal or financial information that can be used to defraud the victim.

Cybercriminals are now employing remote access trojans (RATs) not only to carry out fraud on their victim’s device, but also to coerce the victim into executing fraudulent payments. 

Data shows that over 70% of these scams start with a phone call, with victims in 85% of RAT cases aged over 60.   

Unfortunately, vulnerable senior citizens with little digital experience are therefore far more susceptible. With their customers’ entire life savings at risk, financial institutions must actively pursue ways to detect and prevent these dangerous contemporary swindles.  

Fighting modern fraud  

Digital crime is moving faster and more covertly than ever. So, financial institutions first need to map out the fraud landscape to understand what and where resources need to be allocated, and then address issues in real time, before the perpetrators get away. 

Historically, most authentication and fraud prevention solutions rely on device and IP location parameters to measure fraud risk. While these controls can be effective, RATs can circumvent traditional fraud detection tools that look for the presence of malware, bots, and blacklisted devices or IP addresses, and continue to target consumers.  

To ward off remote access fraud, organisations must use behavioural biometric intelligence to accurately detect and prevent these attacks in real time. Instead of relying on static controls, machine learning-modelled behaviours can instantly differentiate between a genuine user and a cybercriminal by comparing live behaviour with the user’s historical profile to determine if the session is legitimate. Should a customer still fall victim to a remote access attack, behavioural biometrics will help financial institutions to protect customers even after log-in, through the detection of activity indicative of RATs or social engineering.  

Protecting customers online 

As global losses to fraud eclipsed $41 billion in 2022, time is running out for organisations to retain the trust of consumers. And with scams evolving daily, the scale of the task means it’s a challenge that’s unlikely to be solved by a single financial institution.

Instead, the wider community of banks, governing bodies, and vendors must collaborate to create solutions and regulations that protect customers’ privacy and financial assets. We have already seen a cross-industry collaboration between banks, telecoms and big tech groups in the UK to increase data sharing on scammers; however, banks are still calling for further help from the government. Partnering with a behavioural insights expert is a good place to start. These companies can provide organisations with the data, tools, and intelligence to detect and protect against scams, from account takeovers to social engineering. Then, institutions can stop fraudulent activities long before the funds leave customers’ accounts.

It’s time to team up in the battle against cybercrime. Together, we can collectively tame the growing numbers of Phish, RATs, and Mules—and create a world of trust and ease across every digital experience.  

Gemma Staite

Threat Analytics Lead (EMEA)

BioCatch
