Fraud & Privacy 2020

Issue link: https://raconteur.uberflip.com/i/1271462

Contents of this Issue


Page 2 of 15

R A C O N T E U R . N E T 03 fraud-privacy-2020 ybercriminals are oppor- tunists. Seeing opportu- nity, they attack and one of the biggest opportunities to commit fraud is a global pandemic upturning the world in every way possible. The old ways of doing business have been overhauled in an instant; in many cases, the office itself has disappeared. Chaos and confusion have reigned, opening the door for fraud. Phishing attacks increased by 667 per cent in March alone, as crimi - nals seized their opportunity. As a result, awareness of fraud and pri- vacy has never been more impor- tant. "Everything that's new is going to have a new security angle we hadn't thought of," says Dr Eerke Boiten, professor of cyber- security at Leicester's De Montfort University. "How that's going to be exploited is going to be interesting." The fault lines are obvious and plentiful, and criminals are scur- r ying through the cracks. Remote working is one major area ripe to be exploited. More business is being transacted by email and the number of spear phishing attacks is on the rise. One wrong click, or the opening of a suspicious attachment in error, can result in a breach of privacy and the potential for enormous fraud against organisations. "We've seen, and will continue to see, scams and frauds that exploit disruption," says cybersecurity expert Jessica Barker. Preying on fears, such as messages purporting to be from a firm's human resources department, informing staff mem - bers that a colleague has tested pos- itive for the coronavirus and should click on an attachment outlining procedures, is one way into net- works and has already victimised at least one Canadian company. But there are far greater risks than employees being out of the office, out of sight and therefore out of mind. The gradual return to workplaces worldwide is itself a potential vector for fraud, says Barker, who believes employ - ees could easily field phone calls from scammers pretending to be in-house IT support asking for passwords to get access to systems. The broader economic disrup- tion, with a quarter of UK workers furloughed and tens of millions worldwide unemployed, provides another way to commit fraud. There's the potential for supplier impersonation stemming from dis- ruption to the norms of business. For example, fraudsters could send emails or make phone calls to com- panies claiming that the normal contact at a firm has left their job, asking them to change key details, including where they pay invoices. "The whole point of spear phish- ing and social engineering is to force people to make quick deci- sions, possibly by perturbing their normal situation a bit," says Boiten. "We're already in that situation, doing unusual things all the time now." Coupled with the fear of act- ing quickly to address any issues, and an attempt to catch up on lost business, the opportunity to crack open the door and enter a business's systems fraudulently has theoreti- cally never been easier. Companies who would ordinar- ily be in the business of receiv- ing goods and delivering services to others may have to scramble to seek alternative sources for the original product to be able to deliver their services to clients, potentially overlooking due dili- gence and falling into fraud traps. "Everyone is worried," says Barker. "This all creates a perfect storm for cybercriminals to seek to exploit." It's not just current staff members being hoodwinked that managers and their IT department need to be wary of. Insider threats are also a real risk, with people within organ - isations potentially being more likely to cause problems. We know economic uncertainty and unem- ployment is a driver of increased crime in general and cyber-fraud is no different. "A lot of people are feeling uncer- tain, upset and have financial worries. Some may feel it's unfair their pay is frozen," says Barker. "All these feelings mean the risk of malicious insiders may be higher." Some may be doing so for per- sonal gain or the ability to take advantage of hesitancy around illnesses. One American employee of a Fortune 500 company told his boss he had tested positive for COVID-19, though he hadn't been affected by the virus. He supplied a hospital letter he had faked for the purpose. The company, fearing the worker could have contaminated the work - place, quarantined a plant, advised some of his closest colleagues to self-isolate and spent more than $100,000 to do so. Federal prosecu- tors charged the man in May with defrauding his employer. The FBI has also warned busi- nesses to be on the lookout for employees trying to take advantage of the pandemic. The Insurance Fraud Bureau has cautioned insur- ance fraud is likely because of the economic hardship the coronavi- rus is wreaking. Others may be willing to siphon off data from inside and give it to competitors or trade it on illicit online markets. Insider fraud, with a particular focus on the disclo- sure of internal processes to facil- itate fraud, is one of the major con- cerns raised by the Fraud Advisory Panel, a UK industry body, along- side phishing emails and the subsequent compromise of busi- ness accounts. Compulsion is often driven by disgruntled employees who feel wronged by businesses, which could be an issue when people are returning to work in a high-stress situation and being asked to do more with less support. Trying to help employees feel less distant and alone is more vital than ever and making sure they feel willing to come forward if tricked by an outside attacker is crucial. "When people are potentially still working from home, and if they click a link in an email or down - load something or transfer money, they don't have a colleague to turn to and ask what to do, so there's a danger we might not know about incidents," Barker concludes. Leaving the door open for fraud FRAUD & PRIVACY @raconteur /raconteur.net @raconteur_london Cybercriminals thrive on uncertainty and a global pandemic couldn't be better for causing worry, disrupting normal business processes and creating opportunities for disgruntled employees Richard Brown Journalist, investigative reporter and presenter, covering conflict and corporate controversies. Nick Easen Award-winning writer and broadcaster, covering science, tech and business, and producing content for BBC World News, CNN and Time. Sam Haddad Journalist specialising in travel, with work published in The Guardian, 1843 Magazine and The Times. Josh Sims Journalist and editor contributing to a wide range of publications such as Wallpaper, Spectator Life, Robb Report and Esquire. Chris Stokel-Walker Technology and culture journalist and author, his work has been published in The New York Times, The Guardian and Wired. Emma Woollacott Specialist technology writer, specialising in legal and regulatory issues, with bylines in Forbes and New Statesman. Distributed in Chris Stokel-Walker Published in association with Contributors Although this publication is funded through advertising and sponsorship, all editorial is without bias and sponsored features are clearly labelled. For an upcoming schedule, partnership inquiries or feedback, please call +44 (0)20 3877 3800 or email info@raconteur.net Raconteur is a leading publisher of special-interest content and research. Its publications and articles cover a wide range of topics, including business, finance, sustainability, healthcare, lifestyle and technology. Raconteur special reports are published exclusively in The Times and The Sunday Times as well as online at raconteur.net The information contained in this publication has been obtained from sources the Proprietors believe to be correct. However, no legal liability can be accepted for any errors. No part of this publication may be reproduced without the prior consent of the Publisher. © Raconteur Media raconteur.net JUSTIN TALLIS/AFP via Getty Images C 1 in 10 Symantec/Broadcom 2019 emails are phishing emails URLs are malicious 1 in 412 1 in 3,207 emails sent are identified as malicious C Y B E R C R I M E Publishing manager Helen Glynn Deputy editor Francesca Cassidy Head of production Justyna O'Connell Design Sara Gelfgren Kellie Jerrard Harry Lewis-Irlam Celina Lucey Colm McDermott Samuele Motta Jack Woolrich Art director Joanna Bird Associate editor Peter Archer Managing editor Benjamin Chiou Digital content executive Taryn Brickner Design director Tim Whitlock

Articles in this issue

Links on this page

Archives of this issue

view archives of Raconteur - Fraud & Privacy 2020