Legal Technology partner with multiple companies

Being in the Legal Technology partner with multiple companies and agencies within India and working closely with fraud prevention industry for more than a decade, it gives me an insider’s view of how fraud attacks work - including seeing new patterns emerge.

Here are recent insights on how fraudsters are increasingly targeting people to take control of their bank accounts and initiate unauthorized wire transfers.

? The Phone Call Scam: Scammers exploit the vulnerability in PSTN to spoof caller IDs, making it seem like the call is coming from a trusted bank. A number of well-known VoIP providers make this possible.

? Remote Access: Once they establish contact, scammers mention there is some suspicious activity or other important reason behind their call. They then persuade victims to install remote desktop applications like AnyDesk, or to turn on WhatsApp or Skype’s screen sharing. This allows them to access banking apps and initiate transfers. This helps them to intercept login data and one-time passcodes. Banks also don’t insure against such scams, leaving victims exposed.

? AI in Voice Scams: Imagine combining voice recognition with GPT-based text-to-speech technology. Scammers scale their operations massively, this is a future risk we must prepare for now.

So what proactive measures can banks and digital wallets take?

1. Customer Education: Many banks already do this; keeping their customers informed about official communication channels and the importance of calling back through their verified numbers.

2. One-Time Passcodes for Payments: OTPs aren’t just for logins but also useful for transactions, with detailed payment information included.

3. Being On a Call During Transactions: The top FinTechs are already looking into, or developing technology to detect if a customer is on a call (phone, WhatsApp, Skype) during banking activities. 

4. Detect Remote Access: Implement detection mechanisms for any remote access protocol usage during banking sessions.

5. Behavior and Velocity-Based Rules: Sophisticated monitoring should be used to flag activities in real-time based on unusual behaviour and transaction speed.

6. Device, Browser, and Proxy Monitoring: This is a quick win, as there are many technologies available to flag unusual devices, browsers, and proxy usage that deviates from the customer’s norm.

7. Multiple Users on Same Device/IP: Ability to identify and flag multiple customers who are using the same device or IP address in one way to detect bots.

8. Monitoring Bank Drops and Crypto Exchanges: Pay special attention to transactions involving neobanks, crypto exchanges, or other out-of-norm receiving parties, to identify potential fraud. Some of them might not ask for ID and even if they do, it can be easily faked with photoshopped templates.

Hope you find that useful, and in the meantime, I’d love to hear what other emerging threats you’ve seen or heard of. Fostering these open conversations is what enables us all to unite together against combating fraud ?

CYBER LEGAL ADVISORY