April 24, 2020 - Ting Fang Yen

How is the Financial Fraud Landscape Changing as the World Adapts to COVID-19?

More attacks, new fraud techniques, and other observations from the front lines.

Financial platforms have always been a battleground for risk teams and sophisticated fraudsters. But the COVID-19 pandemic has upped the ante, putting extreme pressure on financial organizations to detect and stop new threat vectors across an expanding attack surface.

Huge volumes of consumers are flocking to online channels to buy goods and services — everything from groceries to gaming apps — as they shelter in place and avoid crowds. Additionally, many people are applying for loans via digital banking applications under the Paycheck Protection Program (PPP), which is designed to provide incentives for small businesses to pay workers during the quarantine. With the increased volume of digital loan applications comes an increase in digital fraud.

In a recent article on Medium, DataVisor’s Director of Research, Ting-Fang Yen summarized key findings from her research on traffic volume and fraud rates across financial platforms since the beginning of the pandemic. Here is what the research revealed:

  • Fraudsters are extremely active. Account takeover attempts increased by 20% since the beginning of March, and new account fraud increased by 40%. This is likely due to fraudsters attempting to cash out on government-issued stimulus packages that are being sent to individuals and businesses.

  • Transaction fraud has doubled since March, with fake check deposits, external account linking, account draining and declined transactions making up much of the malicious activity.

  • The use of spoofed or emulated devices has increased, particularly in coordinated waves of fraudulent loan applications.

  • Attacks that manipulate user-provided information such as usernames, email addresses and mailing addresses are finding their way to the financial domain, with a slight increase in March. This is a direct result of the increased use of online financial services.

  • Attacks are growing in size and scale, involving a higher number of fraudulent accounts and potentially doing more damage. Large attacks that involve tens of applications make up 45% of all attacks —- a 170% increase since January.

Fast-Changing Fraud Requires Real-Time Prevention

Fraudsters’ attack methods are constantly changing, and they use a variety of techniques to evade detection, such as using network proxy servers, emulators, jailbroken devices, and fake contact information and scripts. Proactive anti-fraud solutions that leverage unsupervised machine learning may be the only way to detect and prevent such attacks, as they can detect malicious activities early, without prior knowledge of the nature of the attacks. This capability is essential in today’s environment, as fraudsters are increasingly taking advantage of new threat loopholes.
To learn more about our findings, read the full Medium article.

about Ting Fang Yen
Ting-Fang Yen is Director of Research at DataVisor. Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and e-commerce industries. She holds a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.
about Ting Fang Yen
Ting-Fang Yen is Director of Research at DataVisor. Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and e-commerce industries. She holds a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.