DIGITAL FRAUD

IN BANKING- 2021
 CONTEXT & SITUATION

In 2020, cybercriminals exploited technological weaknesses and vulnerabilities, made use

of the fear and emotion that overwhelmed us and focused their activity on people,
on deceiving them, organizing their attacks to take advantage of the lack of awareness or
situations that take people off guard.

COVID-19 meant that people spent more time online at home, which led to a greater
demand for content, including “letting their guard down. ” That’s why we reinforce and
encourage companies to focus and think about people, as well as the technological
solutions. The impact generated by the Cybercrime industry largely had to do with how the
behaviors of us humans were affected by the impact of the pandemic. In this new scenario,
not all incidents were exclusively linked to an attack; in many cases, they were deficient or
even non-existent safety practices and the “human factor” behavior.

During the past year 300% was the increase in the number of attacks once the pandemic
was declared and the quarantine began worldwide. There was a 70% increase in online
crime and scams. Never before were so many cybercrimes recorded, the constitution of
organized gangs to defraud and steal was a reality during 2020, as well as its
efficiency for committing crimes and reducing by half in less than a year the execution time
of a cyberattack.

2
CONTEXT AND SITUATION

Variation, creativity, speed, sophistication and efficiency are unprecedented. Phishing,

Malware, Data Breach, Distributed Denial of Service (DDoS), Ransomware, Cryptohacking,
Sextortion, revenge porn, etc. have been mostly executed through smartphones.
According to our statistics 60% of the commission of the crime is due to
previous cyberintelligence activity.

More connected than ever to the internet, on many more devices and many more hours
than before, names that were not popular before the pandemic, such as: zoom, meet,
teams, no matter which, now they are just another member of the family, in
fact exactly a year ago the word “zoom” was one of the most used to impersonate identity
and deceive users.

The devices that we used to spend our time without even thinking about social media,
today became our livelihood, 7x24, added to the care of the kids, who attend virtual
classes, do homework, take care of the house and work, while we worry about health, the
household economy and the uncertainty about what fate holds for us.

3
 CONTEXT AND CIRCUMSTANCES

March had a daily average of 600 phishing campaigns.

Online crime and scams have increased by at least 70% during

lockdown as people are generally more connected but at the same
time more sensitive and inattentive than ever.

During quarantine, “phishing” is the most frequent type of cyberattack,

accounting for 45% of online crimes.

4
DIGITAL FRAUD- DNA

igital
D

en
F de

Banca
rau
2021
DIGITAL FRAUD- DNA

We recorded and analyzed 130 different fraud techniques in 2020,

90 new ones in the first quarter of 2021. Phishing is present in 45% of
incidents and cyberattacks with a probability of generating economic
damage, with an effectiveness rate of 40% compared to the credibility that
is initially granted and once this happens, 75% of the victims deliver all
the data, in the same gallery of crimes are presented as variants to
continue confusing the market and its victims, vishing, fraudulent Adwords,
Trick 4.0 and on-line skimming, among others.

Social networks have positioned themselves as raw material for the

action of "cyberintelligence" by criminals and users themselves have
become co-responsible and necessary participants in their conversion into
victims. In this sense, it is important to understand that between 10 and
15% of accounts and users are false on social networks.

This is exacerbated by the penetration of social networks, instant messaging

systems and the pandemic effect, more devices that we connect to longer
and longer, from waking up to bedtime. Every 4,000 emails, one of those we
actually receive has a very high probability of including a hoax.

6
DIGITAL FRAUD- DNA
The same goes for the apps we download
from stores, every 40 apps, one might
include embedded code that executes
undeclared actions that could cause damage.
In the current context, the financial industry is
not exempt from the impact of Covid-19, the
way the transaction is carried out and the
interaction with the market and customers
has changed forever.
At a time when the number of square meters
and branches is shrinking, omnichannel and
new and multiple digital modalities are on the
rise, it is clear that scammers and
cybercriminals are using new ways of robbing
banks and their clients, in a truly innovative
and highly effective way, our surveys show
that:
The execution time of an attack was reduced to half the time
normally required for pre-pandemic. Criminal capacities
became highly efficient, with a peculiarity that aggravates
diagnosis, anonymity and impersonation mean that the
chances of identifying and stopping their operations and
imprisoning those responsible are low.
The industry grows in a cartelized way. Cybercriminal gangs
share knowledge and collaborate with each other, even for the
first time we have observed the outsourcing of services, that is,
leading and executing a cyberattack without even having
technical knowledge, hiring hacking services for the purpose of
economic fraud against a Bank and its clients.
7
DIGITAL FRAUD- DNA

There are deliberate actions aimed at training, educating Cybercrime is an industry that has more resources and
and training cybercriminals through digital formats, with budget than governments, security agencies, justice and
alternatives to employment. financial institutions.

The operation of many gangs is transnational. The same

Knowledge and technology for cybercrime commission
gang can use globally distributed technology assets and
are available and are free of charge.
wave-on-wave attacks on financial institutions in
The human factor is the behavior of users as the engine
different countries around the world, using the same
of cybercrime, beyond prevention, the need to educate
cluster of technology assets.
and raise awareness.
Cybercriminals are increasingly taking into account the
behavior of users to target their attacks, relying more on
The situation of uncertainty, is added to the fact that social engineering techniques.
many users are very concerned about the protection of
their digital identity and do not believe they will be able
to detect a threat.

8
NEW DIGITAL ABNORMALITY

igital
D

en
F de

Banca
rau
2021
 NEW DIGITAL ABNORMALITY

TRUST IS EVEN MORE IMPORTANT WHEN

SOME TIPS FOR HOW TO DEMONSTRATE
WORK FROM HOME YOU WORK REMOTELY PRODUCTIVITY
WORKING
REMOTE?

HOME
OFFICE
vs.

I CAN'T WAIT FOR THE VIDEOCONFERENCES! KIDS

IS IT POSSIBLE TO ALWAYS BE ON-LINE?

10
 NEW DIGITAL ABNORMALITY
Both financial institutions and their
clients are victims of actions that try
to deceive and defraud them
financially. The Control Entities
must have greater interference and
relevance in the future.
The solution should not be focused
only on technological tools, this has
been a repeated mistake.
There is a legal vacuum, and governments must speed up
the enactment of new laws. This report reflects the results of
our surveys regarding Bank Fraud, collects data from real
cases that we have investigated and surveys that we have
carried out to banks in different parts of the world. We focus
on how financial institutions should deal with a
phenomenon that is global, identify and contain threats,
integrate the areas of cybersecurity with the traditional
concepts of Control and Fraud, and how to train and prepare
the operation and its human resources. Banks must become
much more flexible and quick to respond to threats and
adopt new approaches and technologies to predict and
prevent fraud.
11
 NEW DIGITAL ABNORMALITY

Key findings
More than 50 per cent of banks worldwide experienced increases
in the amount of external fraud.

The increase in the methods and types of fraud affecting Financial

Institutions and their clients, including identity theft and account
takeover, implementation of pre-agreed services, fraud with
non-present card and automatic payment scams.

Some external execution frauds were linked to the bank’s internal

resources, especially when it comes to the exposure implied by the
multiplicity of outsourced platforms currently used.

The average recovery rate is around 20%, the strategy should be

directed towards prevention and early identification of fraud. Banks
are investing in new fraud prevention technologies, but not
necessarily in know-how.

12
 NEW DIGITAL ABNORMALITY

Key findings
Banks recognize that the most important challenge in fraud risk is Scammers are becoming
cyberattacks. We believe it is relevant to work on the integration of
the concept of Cybersecurity-Fraud-Control. more sophisticated and can
quickly change and adapt
Cybercriminal gangs are manipulating and coercing clients without their approaches. Banks
going through bank controls.
must be agile to respond to
Customers are key to preventing and detecting fraudulent activity on the new threats and adopt
their accounts, especially to reduce losses from scams. More needs new approaches and
to be done to educate clients about fraud and scams.
technologies to predict and
Open banking is considered a major challenge in the risk of fraud by prevent fraud.
banks, and banks around the world are preparing to open their doors
to third parties to access their customers' data.

13
2021 BANK FRAUDS
TO BE CONSIDERED

RAUD I
F

N
D AL

BANKIN
IGIT
G- 2 21
0
 MAIN TYPES OF BANK FRAUDS IN 2021

Bank fraud is constantly evolving as conditions change, creating new

vulnerabilities for banks, their customers and opportunities for fraudsters.
Keeping abreast of this moving goal is essential for banks to find solutions
that can detect and prevent this type of scams, especially given the effects
of the pandemic.

In our Cyberpandemic 2020-2021 report, we found a 70% increase in the

volume of Cybercrime with a direct effect on the victims' economy, while
also acknowledging a 300% increase in the number of attempted attacks.
The trend for this 2021 is also on the rise. In the same gallery of crimes are
presented as variants to continue confusing the market and its victims,
Vishing, Fraudulent AdWords, Trick 4. 0 and Skimming on-line, among
others.

Our review of the main types of bank fraud to watch in 2020/2021

highlights the common methods criminals use to defraud banks and their
clients, something everyone should know to move forward.

15
CONTEXT AND CIRCUMSTANCES

We organize the most relevant fraud methods and techniques to use, as

this distinction directly affects the level of responsibility faced by banks,
which should explain the reasons for the growth of bank fraud. During the
Covid-19 pandemic, it has created the ideal conditions for many types of
fraud to flourish. Millions of people have been forced to change their daily
behavior, especially the way they work, shop and communicate, speeding
up fraud in the following ways:

The shift to remote work among many office workers, including bank
employees, has required people to access corporate systems remotely,
often with limited security measures, adding a defining fact Social Media
Services, Messaging, BOTS, etc. They have been a channel used
repeatedly by cybercriminals, as on these platforms some typical internal
controls and confidentiality requirements have been relaxed or at least
made more difficult to enforce in the home work environment. Added to
this is the huge volume of new users who hand over their own
information to unconsciously facilitate being cheated.

16
 SOCIAL MEDIA - WORLD

We organize the most relevant fraud methods and techniques used, as

this distinction directly affects the level of responsibility faced by banks
58% of the population
publishes 22% of the population
shares home
and which should explain the reasons for the growth of bank fraud. The
Covid-19 pandemic has created the ideal conditions for a proliferation of
telephone data on information
social networks many types of fraud. Millions of people have been forced to
change their daily behavior, especially the way they work, shop and
communicate, speeding up fraud in the following ways:

The shift to remote work among many office workers, including bank
30%
+ of the population
mentions place and 20% of the population
shares date and
employees, has required people to access corporate systems remotely,
often with limited security measures, adding a defining fact Social Media
time of work place where they Services, Messaging, BOTS, etc. They have been a channel used repeatedly
vacation
by cybercriminals as on these platforms some typical internal controls
and confidentiality requirements have been relaxed or at least made
more difficult to enforce in the homework environment. Added to this is
E-commerce and home delivery have created new the huge volume of new users who give their own information to facilitate
opportunities for phishing scams involving email alerts or text unconsciously being cheated.
messages, as well as an overall increase in communications via
digital channels that can be falsified and exploited for phishing
purposes.

17
 SOCIAL MEDIA - WORLD

Although the pandemic has increased the number of opportunities open to fraudsters,
the way they operate has not changed so much. While criminal gangs that hire skilled
people on the Dark Web to implement hi-tech tools are responsible for some frauds,
many others are still ‘Petty theft’ using the Trick 4. 0 as their main technique.

Many frauds are successfully executed using familiar tools such as email, phone call
and social media messages. They depend on little more than social engineering and
the manipulation and deceit of their victims. The vast majority of bank frauds are
directed at bank customers, unlike what happened before Covid-19, with internal bank
fraud and corporate fraud.

In the developing world, the introduction of enhanced security for transactions via
digital channels, such as single-use passwords for mobile banking, has led criminal
gangs to seek alternative routes. This has led to increased recruitment of insiders to
facilitate fraud, as their access to the bank’s back-end systems opens up a new avenue
for fraud attacks. Although these are low volume, they usually try to steal
substantial sums.

18
 2021 FRAUD OVERVIEW
In almost all cases, fraud is
carried out by initiating
extractions, withdrawals or
payments from victims
accounts.
Bank fraud 2021 tends to involve a
combination of technological tools and
social engineering efforts to manipulate
and deceive the victim.
Automatically assigned services or benefits are
taken that generally make use of a window of
time in which victims are not consistent and
have no way of reporting on this behavior. In
most cases, payment pages are used with the
option of being made via e-money services or
transfers to bank accounts belonging to holders
whose identity has been forged or
impersonated, and in some cases
cryptocurrencies are also used.
19
 2021 MAIN TYPES OF BANK FRAUDS

1. Social networks and search engines offer fraudulent ads

2.Vishing, Phishing to steal corporate accounts
3. Internal bank fraud
4. Phishing scams
5. Scams ‘Man in the middle’ / pharming
6. Mobile wallet fraud
7. SIM card exchange fraud
8. Banking Malware
9. Web Skimmers
10.“Authorized payment” - social engineering
11. Romantic scams
12. Business Email Commitment (BEC)
13. Invoice fraud
14. Investment scams 20
TO GET THE FULL REPORT PLEASE CONTACT US AT:

hi@btrconsulting.com

info@btrconsulting.com
www.btrconsulting.com