10 September 2021
Think before you click: cybercrime thrives on human behaviours happen
Innovation in online payments offers opportunities and convenience to several parties, including financial institutions, companies, and consumers. However, it often also comes with risks, as fraudsters leverage new technologies to mislead and trick their victims. Therefore, I believe it is essential to raise awareness about the current and future risks in the financial landscape and – maybe even more importantly – how people can protect themselves against these threats. After all, human behaviour remains the weakest links in online security.
Even though online payments are very safe in general, there are still a number of ways in which a consumer can fall victim to malicious practices. The most infamous technique is probably phishing/smishing, in which fraudsters use false links in emails or text messages to get their victim to fill out their personal details on a fake website. When they succeed, they then gain access to the victim’s bank account and are able to clear out the funds.
Return of the Joker
Criminals can also use fraudulent attachments to emails or apps to install malware on a person’s computer or mobile device. Recently, for instance, several media sites in Europe wrote about the return of the Joker virus, which hides in the Google Play Store and attacks Android devices when downloaded. This type of malware is capable of subscribing users to payment services without their authorisation and emptying their bank accounts without them even noticing.
Other popular methods used to mislead victims include telephone spoofing, third-party fraud, social engineering, and ransomware.
As you can see, the most popular ways of payment fraud are not new. As a matter of fact, they have been with us since the beginning of time – as a figure of speech – albeit in various forms. And I’m afraid they will be with us for a long time, as fraudsters will continue to develop new variations of these methods.
One main reason why these methods keep on delivering for criminals, is because fraudsters can remain hidden as payments are mostly done with digital devices and sometimes through untraceable bitcoin transactions. In addition, it is still fairly easy to push people to download things from the internet, to click on a link or to accept all sorts of cookies. And often, they do so without thinking twice. Combine this with poor password management and insufficient protection against malware, and you understand that payment fraud is, unfortunately, still a very lucrative business.
Naturally, this does not mean that nothing is being done to prevent these criminal actions. For example, online payments are actually very secure due to features like biometrics and two-way verification. In addition, payments and IBANs are more and more frequently being tokenised, which means that they are being replaced by a unique combination of letters and/or numbers. This combination provides sufficient information to retrieve the original data in a protected environment and cannot be tampered with by criminals. Banks are continuously monitoring banking apps and bank accounts in order to flag unusual behaviour. Meanwhile, law enforcement is bringing down phishing sites before domains can send out phishing mails, and telecom providers are protecting against phone number spoofing.
Change in human behaviour
The reason why fraudsters can still be successful in their scams lies with the weakest link in the chain: human behaviour. As I said before, people often act before they think and opt for the easy way when it comes to creating a new password. In order to strengthen this weak link, I would like to provide some practical and easy tips to increase awareness regarding cybercrime, and make consumers less vulnerable online:
- Ensure that your passwords are unique, complex enough and regularly updated.
- Ensure that you have the latest malware and anti-virus software installed on your devices.
- Never ever share your passwords or give your authentication credential or PIN codes to anyone else. Never!
- Clean up your internet histories and cookies.
- Do not save passwords in your browser, even though this means that you must re-enter your passwords every time.
- Protect yourself against email spoofing, for instance through the DMARC protocol or the DKIM verification technique. There will help you recognise fraudulent emails.
Crime and fraudsters are something of all ages and will be with us for the length of time, but the protection of online payments will also be improved continuously. Therefore, when we can raise awareness about the various types of cybercrime and ‘educate’ both companies and consumers on how to behave online, I am convinced we can make it way less lucrative for fraudsters.
- Business developments