Because of the huge number of emails sent daily – by some estimates, 3.7 billion people send around 269 billion emails every single day – this type of online communication is vulnerable to phishing attacks. Recent research indicates 30 percent of targeted attempts are made via phishing emails, and that 15 percent of victims are repeat targets.
Phishing is nothing new, despite emerging iterations with new names like spear-phishing (which targets members of a specific organization to gain access to proprietary information) and whaling (spear phishing that focuses on a high-ranking target within an organization).
Amazon Prime Day, which was earlier this month, brought out waves of fraudsters trying to capitalize on the barrage of promotional emails related to the shopping event. Companies like 16Shop were selling kits to create phishing attacks. Cybercriminals could use the kit to build emails that looked legit and included a PDF with links to malicious sites designed to look like Amazon log-in pages, where users were solicited to send personal information.
The latest Digital Fraud Tracker explores why fraudsters are still relying on phishing as a major strategy even as they increase their use of new technologies and techniques.
An uptick in fraud also means a growing online fraud prevention market. Globally, it is set to increase 20 percent between 2019 and 2025.
Humans as Weak Links
According to Accenture, the average number of security breaches in 2018 grew by 11 percent, from 130 to 145.
And digital fraud is increasingly being targeted at the weakest links: humans. Ransomware attacks increased 21 percent from 2017 to 2018, and malicious insider attacks increased 18 percent during that same timeframe.
As much as companies are committed to innovation, criminals are, too. Much of the problem stems from the rush to adopt new technology. More than three-fourths (79 percent) of executives say new business models introduce technology vulnerabilities faster than they can be secured.
Removing Humans from the Equation
While humans are vulnerable to attacks, they are also increasingly taking a backseat in fraud detection. Many are putting their faith in automation to reduce the impact of fraud and mitigate human risk.
Developers can use AI to perform advanced data analytics on millions of user accounts simultaneously and to detect suspicious connections between malicious accounts.
“Combining supervised and unsupervised machine learning approaches with big data architecture and global intelligence enables holistic data analysis and contextual detection at both account and transaction levels. [The right solutions] can surface correlated patterns, identify anomalistic behavior, expose coordinated fraudulent activity and determine whether an application is legitimate by taking a holistic view,” said Fang Yu, co-founder and chief technology officer at DataVisor.
Using automation, advanced analytics and security intelligence can also manage the rising cost of discovering attacks.
According to Accenture, security and threat intelligence has the largest financial impact on an organization, resulting in a net technology savings of 67 percent. This is the area where organizations spend the most as well ($2.26 million).
Automation, AI and machine learning may be costly, but they get results. Businesses spent $2.09 million on these implementations in 2018, and consequently gained 38 percent in net technology savings.
BNY Mellon has been investing in AI and data analytics to better identify legitimate fraudulent transactions and effectively fight cybercrime. But with fraudsters changing techniques quickly, organizations need to be one step ahead at all times.
“It’s likely that fraudsters will become more sophisticated at the same rate that banks implement smarter fraud detection methods. The AI solutions being used for data analytics must always be at the top of their games to keep cybercriminals at bay,” said Joseph Sieczkowski, head of technology architecture and data at BNY Mellon.
“[We] do testing constantly to retrain our models to be able to pick up on different types of fraudulent activities,” he noted.