Since the start of the pandemic, companies have been forced to move their operations online; a real opportunity for hackers, scammers and other fraudsters. One would have thought that with the reopening of the “physical” world, things would gradually return to normal. Yet online identity fraud has seen strong growth in 2021; a trend that should be confirmed in 2022, explains Michael Ford, of Onfido.
Data leaks
2021 has proven to be a very active year for identity fraud. Already in 2020, losses related to identity theft had increased by 42% to $712 billion, and since 2019, identity document fraud has increased by 44%.
This trend should not change in 2022: consumers have become accustomed to making transactions online, and fraudsters will therefore follow them on the net. This phenomenon is difficult to stop, because the data recovered by hackers during their attacks allows them to commit new crimes. Companies, their employees and consumers will continue to be targeted from all sides: through targeted phishing attacks, corporate email compromise or account takeovers.
Network compromise
Network compromise will remain highly relevant in 2022. While ransomware remains one of the favorite methods of fraudsters, there is also an increasing prevalence of data harvesting by mobile malware and man-of-the-art attacks. middle” (or Man-in-the-Middle attack – MITM). This technique allows hackers to gather information about companies that they will use to better attack them. It is therefore important that companies regularly check their websites to ensure that sensitive data that could be used against them is not exposed.
Synthetic Data Fraud
The last 12 months have also seen an increase in so-called “sophisticated” fraud, such as synthetic data attacks, which involve merging real and fake information. Fraudsters are also starting to use “deepfakes”, generating fake videos using artificial intelligence in which the face or voice of the original person is replaced by that of another person; this is called synthetic video or synthetic voice fraud. These fake videos can be used to bypass a bank’s voice-recognition security systems, for example.
Cryptocurrency fraud:
Cryptocurrencies are set to represent an increasingly important target. Among the methods used regularly, “cryptojacking” consists of fraudsters convincing their victims to click on a malicious link and use their terminal to mine crypto-currencies on their behalf.
The mining code is then loaded onto a target computer, which can then steal cryptocurrency from other digital wallets, or use the hijacked computer to mine valuable crypto. Fraudsters can also directly target people with cryptocurrency investment scams – an increasingly effective method given the growing popularity of many cryptos.
Social engineering or coercion scams
Social engineering scams will remain a favorite method for fraudsters because they require little technological sophistication. They are often the second wave of an attack, using information gathered through data theft to “prove” their legitimacy.
This type of attack is difficult to detect because fraudsters do not need to interact directly with the company they are targeting; they convince the victims to do it themselves. The standard detection tools consider that the payments are legitimate since they are made from the user’s certified terminal and that the victims pass all the authentication steps. The fight against this phenomenon requires consumer education.
Online identity fraud has therefore been increasing for several years and 2022 should not deviate from this trend; companies must therefore continue to arm themselves. Biometric online identity verification, combining verification of the authenticity of identity documents and verification of the holder’s identity using physical characteristics (biometrics, face, fingerprint, etc.), can constitute a lasting solution. Indeed, it makes it possible to quickly increase security while being able to evolve to integrate new technological trends in terms of fraud.