The rise of fraud in times of disruption
The vulnerability created by a global pandemic provides more opportunities for fraud. With increasing reliance on digital channels – for everything from working from home to obtaining vital goods and services – comes risk. Here’s what you need to know to help keep your business and customers safe.
- Fraud is on the rise since the start of the COVID-19 pandemic.
- Criminals and scams are getting harder to identify.
- There are steps you can take to protect your business and customers.
In its report Coronavirus Pandemic Is a Perfect Storm for Fraud, the Association of Certified Fraud Examiners says the 2008 GFC showed fraud rises in times of crisis and recession. Australia, is experiencing both due to the COVID-19 pandemic.
According to the UN, cybercrime is up 600% worldwide. FraudWatch International says one week in April saw more than 18 million attempted malware and phishing attacks featuring COVID-19 lures. Essential services, such as grocery delivery and streaming platforms, were particularly popular targets.
“People are a little bit more vulnerable right now, particularly when they’ve had a stressful few months,” says Susan Nicholson, Australia Post’s Head of Business and Government Financial Services. “They’re more likely to unwittingly fall victim to scams.”
And it’s not just consumers who are targeted. Organisations are at risk of fraud spikes, with rapidly changing work conditions and service provision opening up new risks of attack.
“We’re all connected these days and issues can spread quite quickly” says Munro Farmer, Australia Post’s Chief Information Officer. “So it’s important to make sure you have fraud protection tools in place, and can constantly monitor and adapt to the ever-changing landscape.”
Changing security for changing working conditions
The COVID-19 pandemic saw thousands of employees around the country transition to working from home. This makes it harder for businesses to keep control of security measures, as personal mobile devices, computers and home networks can increase risk, as can cloud-based services and tools.
“There’re so many new applications for submitting work or staying in touch, with more usernames and passwords,” says Australia Post’s Solution Lead Peter Unkles. “People have become more comfortable doing things digitally because they have to, and now they might be more likely to click on a scammer’s link.”
Even before the rapid migration to digital brought on by COVID-19, a study from security platform FireEye showed an estimated 70% of phishing emails were opened by targeted recipients. These already high numbers can rise as people turn to online channels more.
Organisations need to be able to implement safety precautions quickly to combat these issues. “As business evolves, along with the context around us, we need to be faster and lighter” says Farmer.
According to Farmer, “We had to share a lot of information and education with our staff over a two-week period [in March] instead of what would usually be a three-to-four month process. A lot of the training and deployment was done over the course of three days. It really demonstrated it’s possible to accelerate the pace of these education programs when you need to.”
The rise of fraud in Australia during the COVID-19 pandemic
Cyber criminals are using the coronavirus as a new opportunity to defraud Australians. The Australian Competition and Consumer Commission’s Scamwatch has received more than 2700 reports that mention the coronavirus, resulting in more than $1.1million in losses.
Some scams have seen fraudsters impersonating government agencies like the Department of Health, myGov and the ATO. These scams involved offering seemingly important information about COVID-19 testing and updates, tax refunds and economic support and subsidies in exchange for personal data. And phishers have impersonated essential service businesses - including Australia Post.
While services such as SecurePay offer award-winning tools to prevent fraudulent transactions before they occur, fraudsters are always looking for other ways to commit crime. “Criminals are constantly moving, so you need to be constantly on the alert, monitoring and adjusting your ecosystem” says Nicholson.
Going after superannuation
“Superannuation is a big target, and fraudsters will definitely look for ways to access the funds we’ve got sitting there,” Unkles says.
Identity crime is a key enabler of superannuation fraud. Criminals will use stolen personal details and documents to access other people’s savings.
Cyber criminals are adapting quickly. Organisations need to keep up by offering secure solutions for customers. “Tools such as Digital iD™ are great for traditional digital withdrawal applications,” Unkles says.
“And in-store ID verification at Post Offices can help Australians who would prefer to use a physical channel for their application submission.”
How to spot potential signs of fraud
Helen Sultana, Australia Post’s Manager of Cyber Security Education, says it’s getting harder to see the signs of cyber fraud.
“They’re cleverly crafted now, and we don’t see the spelling errors we used to,” she says. “Now what we are seeing is a rise in compromised business email. We’re seeing people receive scam emails that look as though they are from known and trusted sources.”
Here are four things to look out for in emails, even if they come from a trusted source:
- A sense of urgency The scammer manipulates you emotionally by asking you to act without thinking.
- A call to action Asking you to download a file, click a link, reply with extra information or contact somebody.
- Changed contact information Telling you to call them on a different phone number or send them information via a different email address.
- Changed transaction information Telling you to send funds or pay bills to a different account.
The COVID-19 pandemic has been the catalyst for rapid implementation of digital channels – for work and online transactions. And now we’re relying on them more than ever.
However, this quick transition has presented fraudsters and scammers with more opportunities to strike. Given security should be an ever-present consideration, increasing efforts to combat new digital risks can help you avoid danger.