Frank Teruel is CFO of Arkose Labs, a leader in bot management & account security. He’s a known expert in cybersecurity & anti-fraud.

ROI is the whole game. Just as your company’s C-suite is laser-focused on maximizing profit, so are fraudsters. The latest data from the FBI Internet Crime Report that was published a few months ago supports the profit premise.

The report showed skyrocketing fraud costs, with potential losses up 22%, while complaint volume increased only slightly (close to 10%). The conclusion is clear: Scammers are getting better at making large sums of money.

While the total value of reported losses exceeded $12.5 billion, there’s good reason to believe the true cost of cybercrime is astronomically higher. Many individuals and companies don’t report after they’ve been hoodwinked.

Finance teams are a core target: Follow the money.

Fraudsters have a great understanding of organizational hierarchy and who controls or influences access to money. Not surprisingly, as they plot their attacks, they often target these controllers and influencers to drive up the potential yield gained by “tricking” the individuals who manage high-value assets. The IC3 report data indicates business email compromise (BEC) was a heavily deployed scam, with $2.9 billion in reported losses. This scam relies on trust and instilling urgency. Fraudsters impersonate a CEO, CFO or another C-level employee, and, given their desire to do a good job and please executives, employees quickly comply.

A while back, I received an email from my CEO that aligned with my work, was exceptionally well written, referenced a project that was active at the time and was otherwise on point. In almost every respect, it appeared to be a legitimate request—until I read the last sentence. It simply said, “Have a splendid day.” Wait, what? No way that came from my boss! That was not a phrase I had ever heard him utter. I quickly texted him and asked if he had sent the email request. His answer was no.

The prevalence of BEC attacks and executive impersonation social engineering highlights the importance of a multipronged approach to online fraud prevention, including educating staff about the risks posed by phishing and other scam attempts and the importance of validating requests before responding. Members of the C-suite need to collaborate to make sure their teams are aware of emerging scams, understand how to build cyber resilience into their operations and have a plan to fund and orchestrate appropriate continuous training.

Practice makes perfect—scamming.

Cybercriminals frequently test and optimize their attacks in proving grounds by running their scams in industries that deal with smaller dollar amounts. Once the scam proves effective, they roll out attacks aimed at compromising much larger targets, increasing the money gained from the optimized scams.

It’s a trend that is borne out in the IC3 report. Investment fraud was last year’s greatest area for reported losses, accounting for $4.57 billion. With scams falsely promising high returns and low risk, fraudsters deceived high-net-worth individuals into making investments. Remember the adage that “if it’s too good to be true, it’s likely too good to be true”?

Scammed customers can quickly lose confidence in a company and often move their business to competitors. And with the plethora of social media channels, their departure can be very vocal. To avoid this blowback, how can you help your customers protect themselves when they transact with a fraudster posing as your business online?

By far, phishing attacks comprised the highest volume of reported cases in the recent report, with more than 298,000 instances. These malicious scams use unsolicited emails, text messages and telephone calls laden with fear or urgency, and purportedly from a legitimate company, to move customers to act quickly. Armed with the resulting personal, financial and/or login credentials of the affected individuals, the scammers drain accounts and run. Given the yields from these scams, I believe they will continue en masse and will become more advanced.

So, how do you protect your customers? Start by proactively detecting and stopping the use of reverse proxies that would otherwise take unsuspecting consumers to a phishing site that is similar to their bank’s site. Step one in safety is keeping customers away from these sites, which helps protect them from becoming the latest vocal victims. Using a solution for the detection of reverse-proxy phishing can also alert consumers in real time when their credentials may have been compromised and inhibit the theft of multifactor authentication codes that scammers use to take control of digital accounts. By protecting your customers from the fraudsters’ ploys that compromise their data, you build trust, protect their assets and avoid frustrated, vocal customers.

Protect your business with a multipronged strategy.

Cybercrime is a lucrative career for many fraudsters. The message for CFOs is clear: Investment in prescriptive fraud defenses pays off.

Fighting fraud isn’t a one-and-done exercise. The IC3 data highlights that cybercrime continues to grow in prevalence and damage value. Battling attacks one by one isn’t enough; bad actors simply come back stronger, leveraging ready-made bots (many of which are powered by AI) that they can easily purchase on the dark web to attack in massive volume. To truly stay ahead, implement a defense-in-depth approach to disrupt fraudsters’ profit margins. With earnings sabotaged, cybercriminals will find their attacks become economically unviable and move on to less protected businesses.

Fraud often begins at the digital account level—login or sign-up. This highlights the need for a top-of-funnel solution that discerns volumetric bot attacks, allowing cybersecurity teams more time to monitor risk signals and detect threats before they have an impact downstream.

What’s a winning strategy?

• Invest in defense-in-depth solutions that make it expensive for cybercriminals to deploy volumetric attacks.

• Inform consumers on fraud prevention best practices, highlighting emerging scams and how to spot and avoid them.

• “Be on the lookout” for attacks. It’s not a matter of if but when fraudsters show up. Awareness is the first step in preparedness, so partner with vendors that share real-time threat data to be ready before the fraudsters come knocking.

Forbes Finance Council is an invitation-only organization for executives in successful accounting, financial planning and wealth management firms.
