Powered by technology like generative artificial intelligence (AI), behavioral-driven fraud is enjoying a modern renaissance.
Whether through business email compromise (BEC) attacks or account takeover (ATO) scams, the strategies bad actors use to probe human-level vulnerabilities have evolved from easy-to-spot phishing attempts into highly sophisticated operations with the help of today’s future-fit digital tools.
Damian Williams, the United States Attorney for the Southern District of New York (SDNY), unsealed Thursday (June 8) an indictment charging a New York woman with laundering the proceeds of nearly $10 million in BEC scams through fraudulent bank accounts that she and others opened using fake and stolen identities.
The woman’s more than 15 alleged victims should consider themselves fortunate that she was even caught and arrested. Most of the time, organizations and individuals subjected to fraud usually must write off the loss.
Get the research: Stopping Bank Fraud With Cybersecurity Solutions
While 21.5% of fraud complaints submitted to the Federal Trade Commission (FTC) in 2022 were related to identity theft, “only one in around every 700 digital identity crimes committed end up being prosecuted,” Erika Dietrich, head of risk services for payments systems company ACI Worldwide, told PYMNTS.
“We continue to see a hockey stick increase in digital identity information being compromised and used for synthetic identity fraud, account takeover fraud and other types of digital identity abuse,” Dietrich added.
With the world growing ever more digital, consumers’ and corporations’ identities, as well as the authentication controls around them, are being transferred to an online environment as well.
This transition period has provided bad actors with a wealth of opportunities to combine real, stolen credentials with fabricated personally identifiable information to create new identities for committing financial fraud.
“There’s a beautiful upside [to generative AI] that can reduce cost and drive much better customer experience,” Gerhard Oosthuizen, chief technology officer of Entersekt, told PYMNTS. “Unfortunately, there is also a darker side. People are already using ChatGPT and generative AI to write phishing emails, to create fake personas and synthetic IDs.”
Oosthuizen added that potential scammers can even use generative AI tools to ask, “How would I defraud a customer?” and the AI engine will spit out a list. Or they could ask it for “10 ways to run a phishing campaign,” many of which could be effective strategies.
That’s why, as businesses continue to navigate the digital landscape, they must remain vigilant against the ever-evolving threat of cybercrime. Organizations’ defenses of their exposure points should leverage sophisticated strategies that employ a potent mix of future-fit technology, data and analytics, and educational best practices for their employees.
Ninety-five percent of executives surveyed by PYMNTS said they consider using innovative solutions to improve fraud detection and compliance a high priority.
That’s particularly because, as additional PYMNTS research found, organizations relying exclusively on legacy processes and tools may find themselves vulnerable to modern fraud attacks.
“Technological advances are often slow and complex, but the new types of fraud that come with those technological advances can be the opposite of that — fast and simple,” Elly Aiala, chief compliance officer at Boost Payment Solutions, told PYMNTS earlier this year.
Behavioral-driven scams like BEC attacks are especially dangerous for organizations, as they can result in financial theft, fraud, extortion, or even reverse-breaches where bad actors can gain access to enterprise data and systems through a compromised account.
After all, who has greater access to a company’s inner workings than a member of that organization’s senior leadership?
BEC attacks are usually aimed at individuals and departments responsible for money in and money out, such as the finance and treasury or procurement departments.
Even more worrying is that scammers are moving beyond corporate email accounts to target C-suite leaders at home and in their personal lives, making smart defense across all touchpoints crucial for enterprise security.
Proactive measures are needed to secure both organizational and individual perimeters, including safeguarding email accounts with multifactor authentication and passwordless or biometric measures, as well as investing in education and training programs to upskill employees around appropriate anti-fraud policies and procedures.