The Magic of Fraud
Fraudsters are like magicians. They can make things disappear, they can instantly move things from one place to another, and they themselves can disappear in an instant. A magic trick is defined as “a remarkable act carried out purportedly by magical means but actually by trickery or illusion generally as a form of entertainment.” Both magicians and fraudsters accomplish these “remarkable acts” by diverting the observer’s attention (creating the illusion), if only for a moment, to complete the mechanics behind the trick. Magicians do this for applause. Fraudsters do this to steal money. Now you see it. Now you don’t. Your members probably have, or will be, victims of fraud. In fact, in 2021, it was estimated that 9 in 10 Americans (229 million people) experienced a fraud attempt, and one in six (33 million people) lost money to a scam. That much fraud truly is a remarkable act. Let’s look at some tricks fraudsters use to steal money.
Money Muling
The slowing economy has given criminals a unique opportunity to take advantage of consumers struggling to make ends meet under the increased cost of living. According to the FBI, money muling occurs when someone transfers or moves illegally acquired money on behalf of someone else. Like the magician, the fraudster uses an assistant to perpetrate the fraud. Preying on the emotional desperation of unsuspecting consumers, criminals identify their participants in situations where they may be vulnerable. For example, they use individuals who are actively job hunting and approach them with tempting offers on job boards to move money through the use of their bank accounts, cashier’s checks, virtual currency, and prepaid cards. In return for their service, the assistants are offered a commission or bonus when the money is moved successfully. This get-money-fast opportunity may be just what a desperate job hunter needs to stay ahead of their bills. And fraudsters have used other tools to facilitate money muling. Social media and dating websites play on the emotional relationship interest of their victims to move money on their behalf. Often to receive their reward, money mules provide their personally identifiable information making them not only a participant but a victim of the fraud as well.
Shoulder Surfing
Post-pandemic consumers are back in person at just about every activity in their lives. Most consumer awareness has focused on cybercrime, but fraudsters take advantage of every opportunity. Shoulder surfing occurs when criminals lean in just a little too close over the unsuspecting consumer’s shoulder to view and steal their card information. Shoulder surfing can occur at airports, malls, or even at an ATM.
Picture this. A consumer waiting for a flight decides to catch up on their bills. They take out their credit card to make an online payment by looking at the front of the card to enter the card number and expiration date. Then they flip the card over to enter the CVV. Both actions probably take less than fifteen seconds, but that is more than enough time for a fraudster to capture the information. The same can happen at an ATM where the person standing just a short distance away can easily steal the card information, observe the keys the consumer presses on the keypad, and decipher the consumer’s pin based on those movements. Normally, people recognize the violation of their personal space. But many activities, such as using a cellphone, divert the unsuspecting victim’s attention. The only protection against a shoulder surfing attack is the potential victim’s awareness of the people around them.
Fake Apps
Fake financial institution mobile apps are a booming business for fraudsters. Fake apps prey on a consumer’s trust in their financial institution. By creating a fake app and sending a phishing email with a link to download the app, unsuspecting consumers become victims of fraud. The phishing email and app perfectly match the financial institution’s identifiable information that a consumer is used to seeing, such as the logo and contact information. To get the consumer to take action, the fraudster creates messaging with a sense of urgency. Consider the following examples: Payday? Get faster access to your funds by downloading our mobile app. Our app has received a five-star rating from over 10,000 members like you. We’re so confident you will like our app that we will pay you $100 just for trying it out. The fraudster uses the illusion that the consumer will gain something by taking action. The app will give them faster access to their funds. Elation. If 10,000 members have given the app a five-star rating, they are obviously missing out on an experience. Inclusion. Their credit union will pay them $100 to try it out. Reward. Consumers know they should only download apps from the Apple App store or the Google Play store. Still, the exploitation of their trust and the emotional urgency to act on the messaging divert their attention away from verifying that the app is in the app stores above. The best way to prevent fraud is to eliminate the opportunity. Security products that continuously search for fake instances of apps by using a financial institution’s name or branding are available. These services can automatically take down fake apps before the consumer has the opportunity to download them. The best offense is a good defense.
Education, Vigilance, and Hurdles
Magic and fraud are successful because of meticulous preparation and flawless execution. Consumers fall victim to fraud because they are multitasking and not scrutinizing potentially fraudulent situations, and they overlook suspicious requests because they are coming from a familiar source. Two tactics that your credit union can use to fight fraud are member education and the use of authentication hurdles that make it difficult for a fraudster to steal member information and transact on their account. In the case of member education, constant anti-fraud messaging in every channel is a preventive measure. However, suppose the member gets tricked into providing their personally identifiable information enabling the fraudster to log into their account. In that case, two-step authentication hurdles increase the fraudster’s difficulty in taking action. Two-step authentication at login is an example of a hurdle. Requiring two-step authentication when an attempt is made to change personally identifiable information such as a physical address, phone number, email address, or password is another hurdle. And requiring two-step authentication when a large transaction amount is attempted is a third hurdle. While members may find these hurdles inconvenient, their purpose is to make fraud difficult. Fraudsters are interested in the path of least resistance. The more effort required to commit fraud, the higher the probability that the fraudster will lose interest and move on.
As we mentioned earlier, fraud is a pretty remarkable act. Many people who read about successful fraud are amazed that the victims did not see the warning signs. The victims should have known that their financial institution would never ask them to click on a link in an email to log in and verify their account information. They should have known that their financial institution would only direct them to download an app from the official app stores. They should have known someone was close enough to look over their shoulder and steal their card information. To that, the fraudsters say: “ I need a participant for my next trick. I’ll pay you $500 if you can tell me how it’s done.” And just like that. Poof. The money is gone.