The Retro Fraudster: How to Spot the Old-school Tactics Making a Comeback

  • Simon Viney, Cyber Consulting Sector Lead at BAE Systems Applied Intelligence

  • 25.02.2020 11:15 am
  • cybersecurity

As technological innovation drives new opportunities for fraudsters, digital security counter-measures could inadvertently be encouraging a resurgence of old-school tactics. These criminals know that today’s customers are wise to some of the more common online scams, but may not be aware of legacy techniques. Savvy criminals might operate Ponzi schemes, bounce cheques or even create fake work opportunities, while using tech-based tricks to help their efforts appear more convincing.

From fake cheques to CEO fraud

Cheque fraud is a growing trend in the US, where this is still a relatively common way to pay. We’re seeing a combination of new channels and old-school tactics emerging. With the advent of higher-quality personal printers, for example, it’s much easier to make one’s own cheques, or to copy other customer or cashier cheques. In the UK, innovative banking services allowing customers to send cheques to their lender digitally also provide criminals with a new opportunity. If they’re able to get hold of a photo of a legitimate cheque, it may be possible to edit the image to change the payee or amount details.

Elsewhere, the timeless Ponzi scheme has been updated for the digital age. Traditionally, investors are lured in by promises of high rates of return from sales of a non-existent product or service. Today, digitally assisted marketing and the lure of making easy money have given rise to Ponzi-like cryptocurrency schemes. In December, three men were charged by the US Department of Justice for allegedly defrauding investors out of $722 million in just such a scam.

Fraudulent job adverts are also on the rise, luring ‘successful’ applicants into paying money up-front for equipment or tricking them into acting as money mules. In addition, we continue to see executive scams, such as invoice hacks — also known as “CEO fraud” or “whaling”. Here, a fraudster uses social engineering techniques via email to persuade an accounts department to send a payment outside the company, to an account under their control.

Occasional large value scams in this space generate headlines, such as the tens of millions lost by Toshiba ($37m) and Nikkei ($29m) last year. But many of these payments are for small sums, allowing them to slip under the radar. According to the FBI, business email compromise (BEC) of this sort incurred losses of $1.3 billion in 2018, nearly half of total cybercrime reported to the bureau that year.

Time for vigilance

While young people are better prepared to spot digital scams, they might still fall for these “retro-crimes”. A millennial employee might be quick to delete an obvious phishing email, for example, but they wouldn’t even consider someone going to the trouble of creating a counterfeit cheque.

Knowing the customer is crucial if banks want to successfully tackle this growing trend. This will require greater vigilance in monitoring particular customer groups and seemingly anomalous payments. By contextualising those payments with an individual customer’s payment history and what you know about the payee, suspicious patterns could emerge. For example, excessive payments from the over-55 segment should raise a red flag, as should a set of sudden payments by different customers to the same payee.
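
The two red flags described above can be expressed as monitoring rules. The following is an added example, not code from the article or from BAE Systems; the record layout, the thresholds (including the lower ratio applied to the over-55 segment) and the sample payments are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data: (date, customer, customer age, payee, amount)
PAYMENTS = [
    ("2020-01-03", "C1", 67, "UtilityCo", 80), ("2020-01-10", "C1", 67, "Grocer", 60),
    ("2020-01-17", "C1", 67, "UtilityCo", 85), ("2020-01-20", "C2", 34, "UtilityCo", 90),
    ("2020-01-21", "C3", 41, "UtilityCo", 75), ("2020-02-01", "C1", 67, "InvestFast", 900),
    ("2020-02-01", "C2", 34, "InvestFast", 200), ("2020-02-02", "C3", 41, "InvestFast", 150),
    ("2020-02-03", "C2", 34, "UtilityCo", 95),
]

def flag_payments(payments, window=timedelta(days=3), min_payers=3,
                  ratio=5.0, senior_ratio=3.0, min_history=3):
    """Return {payment index: set of reasons} for payments worth a manual review."""
    flags = defaultdict(set)
    history = defaultdict(list)     # customer -> amounts of earlier payments
    seen = set()                    # (customer, payee) pairs already observed
    first_time = defaultdict(list)  # payee -> [(time, customer, index)] of first-time payers
    rows = sorted(enumerate(payments), key=lambda r: r[1][0])
    for idx, (day, cust, age, payee, amount) in rows:
        when = datetime.strptime(day, "%Y-%m-%d")
        # Rule 1: amount far above this customer's own typical payment.
        # Assumption: the over-55 segment gets a tighter (lower) ratio.
        past = history[cust]
        limit = senior_ratio if age > 55 else ratio
        if len(past) >= min_history and amount > limit * median(past):
            flags[idx].add("excessive_vs_history")
        history[cust].append(amount)
        # Rule 2: several different customers paying the same payee for the
        # first time within a short window. Established payees that customers
        # already pay regularly do not trigger it.
        if (cust, payee) not in seen:
            seen.add((cust, payee))
            first_time[payee].append((when, cust, idx))
            recent = [e for e in first_time[payee] if when - e[0] <= window]
            if len({c for _, c, _ in recent}) >= min_payers:
                for _, _, i in recent:
                    flags[i].add("payee_burst")
    return dict(flags)

if __name__ == "__main__":
    for i, reasons in sorted(flag_payments(PAYMENTS).items()):
        print(PAYMENTS[i], sorted(reasons))
```

On the sample data, the regular utility payments pass untouched, while the three first-time payments to the same new payee within two days are grouped for review, one of them also standing out against that customer's own history.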

The good news is that a leading pack of banks are already stepping up to do more to help their customers. The Bank of Montreal, for example, recently launched its own financial crimes unit to improve customer outreach. But both banks and their customers need to be alert to the range of techniques at the disposal of the modern fraudster.

Sometimes it’s the simplest things that end up catching us out.

