Cyber-enabled fraud – a new era for organised crime

Fraudsters and criminal groups can buy “crime-as-a-service” products online, thereby scaling their criminal activities with new technology. The costs, monetary and otherwise, can be huge. All are at risk.

Organised crime goes digital

Organised criminal groups profit from several interconnected activities like trafficking of drugs, humans, arms and other illicit goods.[1] Technology allows criminals to connect, and also to reach consumers. Another main profit earner is cyber-enabled fraud, which no longer requires high technical acumen: crime-as-a-service products or “business models” can be bought online.[2] Cyber-enabled fraud does not depend on computers per se, but is enabled and scalable with new technologies. This is different from cyber-dependent crime like hacking and malware.[3]

Business email chains are a prime target for cyber fraudsters. They follow the communication in real time and wait for the right moment to intervene. This can be done in different ways, for instance by contacting a paying party just after a claim has been wired. The message says the payment did not come through and asks the paying party to resend the same amount to a different account number.[4] More advanced fraudsters can act as middlemen, controlling the email traffic both ways and editing payment instructions.[5] So-called “threat actors” can also add personal information derived from earlier messages when tracking an email chain, adding a sense of (false) trust.[6]
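The payment-redirection pattern described above can be checked mechanically on the paying party's side. The following is an added example, not part of the original article: it walks a constructed email thread and flags any message that introduces an account number not seen earlier in the thread or comes from a sender domain outside a trusted list. The message format, the phrase list, the IBAN-style pattern and all addresses and account values are assumptions made for illustration.

```python
import re

# Assumption: accounts appear as unspaced IBAN-style strings.
ACCOUNT_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")
# Assumption: phrases typical of a "payment failed, please resend" request.
RESEND_RE = re.compile(r"did not (?:come through|arrive)|resend|different account", re.I)

def sender_domain(address):
    return address.rsplit("@", 1)[-1].lower()

def review_thread(messages, trusted_domains):
    """Return [(index, reasons)] for messages that change payment details."""
    known_accounts, findings = set(), []
    for index, msg in enumerate(messages):
        accounts = set(ACCOUNT_RE.findall(msg["body"]))
        reasons = []
        if known_accounts and accounts - known_accounts:
            reasons.append("new account number")
        if sender_domain(msg["from"]) not in trusted_domains:
            reasons.append("unknown sender domain")
        if reasons and RESEND_RE.search(msg["body"]):
            reasons.append("resend request")
        if reasons:
            findings.append((index, reasons))  # hold for out-of-band verification
        else:
            known_accounts |= accounts  # only clean messages extend the baseline
    return findings

# Constructed sample data: domains, addresses and account strings are made up.
TRUSTED = {"acme-supplies.example", "payer.example"}
SAMPLE_THREAD = [
    {"from": "billing@acme-supplies.example",
     "body": "Invoice 1001 attached. Please pay to DE00123456789012345678."},
    {"from": "ap@payer.example",
     "body": "Payment of the invoice was wired today."},
    {"from": "billing@acrne-supplies.example",  # lookalike of the supplier domain
     "body": "The payment did not come through. Please resend the same "
             "amount to GB00TEST12345698765432."},
]

if __name__ == "__main__":
    for index, reasons in review_thread(SAMPLE_THREAD, TRUSTED):
        print(f"message {index}: {', '.join(reasons)}")
```

A flagged message is a prompt to confirm the account change through a channel other than the email thread itself, not proof of fraud.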

Last year, Commonwealth Bank of Australia said it registers about 85 million possible cyber fraud events a day, while JP Morgan says it is seeing an increase in the number of cyber hacking attempts daily, and that it employs more engineers than Google or Amazon to fight fraudsters.[7] IBM stated in a report that the average cost of a data breach is USD 4.45 million and that of a mega-breach USD 332 million.[8] Beyond hacking emails, other types of cyber-enabled fraud are phishing, social media and mobile impersonation fraud, and employment scams. Illegal call centres have made cyber fraud scalable.[9] In the summer of 2022, INTERPOL issued a warning that cyber fraud is escalating rapidly across the world, with online scam centres initially concentrated in Cambodia but since also appearing in other countries in southeast Asia, South America, East Africa and Western Europe.[10]

Think, check and act vigilantly

In the US, the FBI estimates that the total cost of domestic non-health insurance fraud could exceed USD 40 billion per year, equivalent to an average increase in annual premiums for one family of between USD 400 and USD 700.[11] Like other providers of financial services, insurers manage large money transactions when helping clients recover losses from accidents, catastrophes and other adverse events.

As if all the above were not enough, a new era is already upon us: the use of Artificial Intelligence (AI) in cyber fraud. Deepfakes – artificial images and videos created by highly sophisticated AI tools – are now being used by organised groups.[12] An example is combining an audio clip from social media or a corporate video with an AI voice-synthesizing tool, for the purpose of staging a fake video call online, supposedly from a company’s CFO.

With so many avenues for cyber fraud, companies should, in addition to maintaining robust cyber security infrastructure, provide regular (and mandatory) awareness training for employees and conduct regular fraud risk assessments. Whenever a payment instruction or data-sharing request from a third party is received by email or another online communication tool, whether at home or at work, the response should be to think, check and act vigilantly. As part of corporate risk management, there should be a clear process for when it is OK to action payments, and easy access to internal fraud or compliance teams when in doubt.[13]

References

[1] Organized crime, Interpol, 22 January 2024. Transnational organized crime: A threat to global public goods, Stockholm International Peace Research Institute, 2 September 2022. Organized Crime, UNODC, 22 January 2024.

[2] European Union serious and organised crime threat assessment, A corrupting influence: the infiltration and undermining of Europe’s economy and society by organised crime, Europol, 7 December 2021.

[3] Cybercrime – prosecution guidance, The Crown Prosecution Service (UK), January 31, 2024. Illicit Financial Flows from cyber-enabled fraud, The Financial Action Task Force, November 2023.

[4] Online fraud schemes: a web of deceit, Europol Spotlight Report series, Europol, 2023.

[5] Incident response casefile – a successful BEC leveraging lookalike domains, Check Point Research, 5 December 2019.

[6] Four Major Money Laundering Trends in The Insurance Sector, InsuranceEdge, 17 July 2023.

[7] Deepfakes Are Driving a New Era of Financial Crime, Bloomberg, 23 August 2023. JPMorgan Chase says hacking attempts are increasing, CNN, 18 January 2024.

[8] Cost of a data breach 2023, IBM, 2024. The mega breach example refers to 50–60 million records lost.

[9] 121 arrests in operation against migrant smuggling and human trafficking, INTERPOL, 9 May 2022; Cambodia: Hundreds of Indians rescued from cyber-scam factories, BBC, 1 April 2024.

[10] INTERPOL issues global warning on human trafficking-fueled fraud, INTERPOL, 7 June 2023.

[11] Insurance Fraud — FBI, FBI.gov, 25 January 2023.

[12] Sumsub Identity Fraud Report, Sum and Substance Ltd (UK), 2023.

[13] CEO/Business e-mail fraud compromise, Europol, 2024. Business e-mail compromise, NCSC.gov.uk, 2020.
