Hacking humans: Social engineering in financial fraud
The phrase ‘social engineering’ may sound like something out of a behavioural psychology textbook, yet it represents a real and present threat facing citizens and financial institutions around the world.
In fact, social engineering is a leading cause of financial crime today, wherein criminals dupe their victims through the use of psychological manipulation in order to commit financial fraud, such as disclosing confidential information and eliciting payments.
And it’s on the rise. Fourthline recently gathered data pertaining to millions of bank account openings throughout Europe in the past year and found a 37% increase in social engineering attempts by fraudsters attempting to manipulate people. On top of that, the data indicates that social engineering represented 46.73% of all financial fraud attempts across Europe in Q2 2021.
Regions where social engineering is rife
The countries that have experienced the most of this type of fraud are Romania (3.3% of bank account openings) and Greece (2.7% of bank account openings). Collectively, Europe as a whole has seen an increase in social engineering attempts to the tune of 1.4% of bank account openings in just the past year.
While the numbers (fortunately) haven’t yet hit the double digits, the financial implications are immense: the global costs of financial crime compliance amount to more than $213bn.
How is social engineering used to commit financial crimes?
Broadly, social engineering is a tactic used by criminals to exploit a person’s trust in order to gain access to an already open bank account; or to create a fraudulent bank account using an innocent person to do so.
Criminal techniques are advancing rapidly. We have seen cases across Europe where people are tricked into opening bank accounts – for example, a selfie is taken of them whilst sleeping. Or even more worryingly, selfies may be taken under duress and used by criminals to try to open a bank account.
The common thread of this practice is that it exploits human vulnerabilities to obtain information under false pretenses, which are then used to wreak devastating havoc on people’s personal finances and financial systems by breaching security.
The pandemic as an accelerant of financial crime
The pandemic has exacerbated the problem of social engineering, identity theft, and associated financial fraud. Fraudsters are becoming smarter, using new techniques, including deep fakes, and creating synthetic online identities to evade detection.
In just the past year, our data shows that assisted selfies have increased by 19%. This is where a criminal ‘assists’ in taking a selfie of the account application to use for fraudulent purposes. Often, this can include the use of silicone masks or CGI technology to impersonate the applicant or mimic their location.
Sadly, the targets of financial fraud tend to be the elderly, with our data showing that 19.9% of people aged 60+ were ‘assisted’ in opening a bank account in the past year through the use of fraudulent means like the ones outlined above.
The challenges faced by financial institutions
Financial institutions find themselves in an almost impossible situation. Regulators across Europe have tasked them with not only improving financial crime checks on new clients but also reviewing the Know Your Client (KYC) files of existing clients through large-scale remediation. This necessitates a highly diligent, high-quality process under strict timelines.
Taking a proactive, comprehensive approach to identity verification is increasingly important as fraudsters become more prolific and the methods more sophisticated. With fraudsters changing their approach on a near daily basis, financial institutions need real-time solutions, including intelligence and analysis of fraud patterns that can help deploy red flags in time to stop fraud in its tracks.
Increasing firepower in the battle against financial fraud
To stay one step ahead of financial fraudsters, a unique combination of advanced AI techniques and highly trained financial crime analysts are an institution’s best defence. Financial institutions and businesses can use this combination to incorporate checks across identity, liveliness, documentation, biometric data, device metadata and watchlists.
With the annual cost of financial crime compliance estimated at nearly $60 million in 2020 across Europe alone, there’s never been a better time to improve efforts to identify emerging financial crime trends to address fraud and meet compliance.
Ultimately, if we are to combat social engineering fraud, simple document verification isn’t enough; we must take a more holistic approach to data verification. It is only then that institutions will be able to render nefarious actors toothless in the fight against financial fraud.
About the author: Ro Paddock is head of anti-financial crime at Fourthline, a digital technology and compliance company based in Amsterdam. She is a multi-industry fraud and risk mitigation expert, with an exceptional fraud reduction track record.