With COVID-19 increasingly being used as a hook to commit fraud, threatening consumers and businesses of all sizes, a recent industry discussion was held to discuss ‘the rise of financial fraudsters during the pandemic’. The session revealed that fear, uncertainty and misinformation has created an ideal environment for the exploitation of victims.
Speakers at the event included David Emm, Principal Security Researcher at Kaspersky, Claire Hatcher, Global Head of Fraud Prevention Solutions at Kaspersky, Detective Superintendent Neil Jones (Greater Manchester Police) and moderator of the discussion, Martin Smith, Chairman and Founder at SASIG. Together, they discussed the risks associated with more people having to use online systems for business and personal use, and how an uptake in this activity, fuelled by the coronavirus, has provided fertile ground for fraudsters. They also shared the key steps to improving security for both consumers and businesses.
David Emm, Principal Security Researcher at Kaspersky, kicked off the discussion with the observation that businesses and individuals have now been forced to do everything from home, from banking to shopping and communicating online, which has left many outside of the protective ring usually offered by a corporate network. At the same time, criminals have also been offered a persistent threat hook. “Consider Valentine’s Day, Black Friday, the Olympics, the World Cup; they're 'here today, gone tomorrow' topics that cybercriminals can latch onto. Frankly, who in the world is not keenly interested in what's going on with this pandemic? Everybody is, and therefore, fraudsters have a persistent topic that they can milk, week after week. It's made people even more vulnerable than seasonal events.”
Whilst the topic of COVID-19 continues to be exploited, the nature of attacks remains fairly consistent. Fraudsters are not changing their techniques, tactics or procedures, but they are cashing in and have recognised how important this is, as a global event, and how they can exploit it. This observation was made by Claire Hatcher, Global Head of Fraud Prevention Solutions at Kaspersky, who commented: “It's always a process of, get in through phishing, download some malware, then exploit the human aspect of social engineering to use those credentials. Essentially, the newness is just the context. The attack itself is the same one re-envisaged in the new world we live in, but naturally it has increased a lot, because we are more susceptible now.”
Aside from how the COVID-19 pandemic has impacted the cybersecurity landscape, the following themes emerged on how fraudsters are currently operating and how people can stay protected:
The discussion concluded with attendees agreeing that, while the COVID-19 pandemic has changed the security landscape in several ways, the risks are still manageable. For large organisations, retailers, financial services and governments, it is essential to have a multi-layered approach; not just second-factor authentication, to ensure all the different parameters are continuously analysed. For smaller organisations that don't have the same money to invest in technology, going back to the basics, for them, and for individuals, is critical.
David Emm, Principal Security Researcher at Kaspersky said “Many organisations are going to read about these threats and think, 'Oh my goodness, what can we do?' Sometimes, it's the basic things. Protecting all devices, including mobiles – updating them and backing up data. Just trying to give staff some basic information about not replying to unsolicited texts, using unique passwords and using a password manager helps. Whilst the basics can’t be overlooked, using a security solution that anyone can operate, no matter their level of technical knowledge, is fundamental. Cybercriminals have become more skillful and this has eroded the effectiveness of traditional perimeter-based security controls. Small office security solutions, which identify and block both malicious e-mails and phishing pages, will also help individuals and businesses become more resilient to these types of attacks.”
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.