Fraud in the Time of Coronavirus

As the world grapples with the Coronavirus pandemic, self-isolation and stay-at-home-orders have increasingly become the norm.

The impact has been two-fold for financial institutions. They have for years worked hard to onboard new online banking customers, while at the same time trying to get traditional “brick-and-mortar” customers to make the switch online, and the outbreak has accelerated both of these processes.

The health crisis has severely limited in-person bank services to drive-through transactions or appointment-only branch visits. Some have shut down branch services altogether. The result as been a surge in the use of online banking activity and a new online banking customer population. While this is good news from the online banking perspective – there is a flipside to this coin – it also presents opportunities for fraudsters to attempt to social engineer these not-so-web-savvy people.

For banks, the central question then becomes, “can we trust that legitimate customers are behind every online transaction with 100 percent certainty?” Security systems typically check for known customer behavior, known devices, or known IP addresses to assess whether or not the transaction is from a legitimate customer, or perhaps the work of a cyberattacker. Given the large number of new online banking customers – coupled with the fact that large numbers of existing online customers are making transactions from locations and devices that fall outside their normal patterns – this can trigger suspicious activity alerts and overwhelm already overworked IT investigators.

We know from experience that disasters are exploited by fraudsters to expand their cyberattack schemes. They view global or regional crises or disasters as opportunities for new avenues to seek ill-gotten gains. For example, the FBI reported that it is seeing an increase in phishing and other cyberattacks attempting to steal sensitive personal information from banking customers in order to access their accounts and steal funds.

The attempt to deceive doesn’t stop there. A rise in fake Centers for Disease Control (CDC) emails have been seen with links that claim to be about COVID-19, but are actually carrying malware. In the United States, phishing emails telling people that they need to verify their personal/financial information in order to receive the federally-mandated stimulus money are also increasing. What’s more, there has been a spike in phishing from cybercriminals claiming they are from charitable organizations, airline carriers offering flight refunds, and even selling bogus Coronavirus testing kits and cures.

In short, cybercriminals prey on people’s anxieties and fears about the global health crisis in order to further their nefarious schemes.

No matter how many times financial institutions try to educate their customers about the dangers of these kinds of attacks, and how to pick up on them, cybercriminals tend to find a way to social-engineer them anyway. So called “next gen” phishing looks legitimate and can be very convincing, and can trick even the most web savvy customer into opening a malicious attachment, or clicking on a link that connects to a website that looks and feels authentic, but is actually hosting phishing or malware.

Financial institutions need to realize that the first step they must take to protecting their customers is to protect themselves. This can be done through threat intelligence; the collection of actionable data that indicates that the institution and its customers are under attack. Has your organization or brand been compromised somewhere online? Has someone registered a number of domains that are strikingly similar to that of your institution’s? Have your customers inquired about offers or information requests that your organization didn’t make? Have any of an institution’s customers fallen victim to this multi-pronged cyberattack – and if so – what are the risks to the customer and the institution itself?

These are the essential questions that all financial institutions should be asking themselves right now. If they don’t know the answer to one or more of these questions, they could be under attack and not even know it.

One proactive security step to mitigate many (but not all) of these threats comes by deploying second-factor or multifactor authentication for all online banking login activity. With the surge of online banking users as a result of Coronavirus, it is more important than ever to make sure your monitoring tools can stand up to potential threats. Because as US government officials have said, as it relates to the virus, things are likely to get worse before they get better.

It is just as important for financial institutions to be as prepared for the Coronavirus pandemic as the wider society is. The checks bailing out businesses large and small in a number of different verticals are in the mail, and it will be crucial for banks to know what kinds of funds are coming from who, when and how, so that the chance of fraudulent transactions slipping through the cracks in the midst of all the confusion is minimized.