Fraudsters Ramped Up Account Takeover Attacks in 2020

Account takeover incidents as a share of fraudulent activity in the financial services industry rose by 19 percentage points in 2020 compared with 2019, according to new figures from Kaspersky.

Kaspersky Fraud Prevention detected that attacks of this nature surged from 34% in 2019 to 54% in 2020 of all incidents. The cybersecurity firm believes the growing use of digital financial services and e-commerce last year as a result of COVID-19 social distancing restrictions is behind this shift, with cyber-criminals able to target a much higher number of users and online accounts through social engineering attacks.

The researchers noted there were two particularly common tactics used by cyber-villains to gain access to accounts – known as ‘the rescuer’ and ‘the investor.’ In the first, scammers pose as security experts and call customers to report suspicious charges or payments and offer their help. Customers may then be asked to verify their identity through a code sent in a text message or push notification to stop a suspicious transaction or transfer money to a ‘secure account.’

In the second, cyber-criminals masquerade as an investor, calling customers to persuade them to invest in cryptocurrency or shares directly from the client’s account. As with ‘the rescuer,’ the victim will then be asked for a code received in a text message or push notification.

The study also revealed that legitimate remote administration tools (RAT), such as TeamViewer, were misused in order to gain access in 12% of fraudulent incidents.

Claire Hatcher, head of business development at Kaspersky Fraud Prevention, commented: “Bank clients always place a high value on ease of access to their accounts and performance of usual financial operations. Now this has become especially important. That is why we believe that solutions for the financial industry should provide a high level of security measures – including protection against fraud – which are seamlessly integrated into the user experience. Of course, it’s worth regularly reminding clients about fraudsters’ techniques, so that they are likely to notice something.”

Yesterday, Barclays released data showing that the number of scams last year reached unprecedented levels.

What’s Hot on Infosecurity Magazine?