The collapse of Silicon Valley Bank (SVB) has sent shock waves through global financial markets over the beginning of March 2023. Financiers and tech entrepreneurs have spiraled upward and downward on an emotional roller coaster after a massive bank run that followed a stock crash and an imminent threat of insolvency.
Because times of uncertainty and fear, when people are forced to make important decisions with little time to spare, create an ideal opportunity for fraudsters and scammers, we compiled a list of common fraud MOs (Modus Operandi) to look out for, along with ways to thwart them.
Bank helpdesk phone scams: In this scam, fraudsters contact victims and impersonate bank helpdesk or call-center employees. They usually present a specific problem (payment blocked, suspected fraud, etc.) and try to manipulate victims into transferring funds to an alternative account or providing them sensitive financial information.
CEO/CFO email fraud: Also known as business compromise fraud. This scam is perpetrated by fraudsters who compromise the email accounts of known associates of their victims. It originates with social engineering or account takeover to gain access to the CEO/CFO's email account first. Then, the fraudster uses the access to send a message to the victim requesting a money transfer.
Account takeover (ATO): Account-based attacks where fraudsters hack into commercial or personal accounts using manual and automated techniques. Common methods include buying stolen credentials on the dark web, credential harvesting through phishing or social engineering, automated attacks such as credential stuffing or brute force attacks, and more sophisticated MOs like Remote Access Trojans (RAT), Man-in-the-Middle (MitM) or Man-in-the-Browser (MitB) attacks.
Payment hijacking: Another common method is taking over the payroll system linked to the company account (through ATO or social engineering) and changing payee information to hijack payments or fund transfers.
FDIC deposit fraud: At the beginning of March 2023, the Federal Deposit Insurance Corporation (FDIC) has received several complaints regarding suspicious emails or messages supposedly sent from the agency. Relying on people’s trust in the federal agencies, fraudsters use the FDIC's name and credibility, and even the names of real employees found on LinkedIn to perpetrate these schemes.
Fake insurance claims through identity theft: In this MO, fraudsters use stolen identities and KYC/KYB information to impersonate legitimate businesses impacted by SVB's collapse and file fake insurance claims.
Educate your teams about these impending risks and raise awareness. Short training sessions on good ‘cyber hygiene’ and identifying suspicious or fraudulent emails could be beneficial.
Always verify who you are talking with. Use other communication channels or call the individual directly based on publicly available contact information to ensure that you are speaking to the right person or entity.
Be aware when transferring funds to a new bank account. Double-check the routing information before approving any wire transfers.
Harden your payment authorisation processes with financial personnel using various confirmation methods—for instance, written or verbal consent by more than one executive team member.
Voluntarily deploy multi-factor authentication challenges along additional touchpoints of the payment process to ensure no single point of failure.
Although we may see heightened attempts at fraud and scams, we have more opportunities and tools than ever to identify and stop these attacks. Therefore, it is crucial to stay alert in the near future until the calm after the storm.
Uri Arad, Identiq’s VP Product, has been fighting fraud and fraudsters for more than a decade and has seen the fraud and identity challenge from diverse perspectives: product, risk, and R&D. Before Identiq he was the Head of Analytics and Research at PayPal’s risk department. He holds a Master’s Degree in Computer Science from Tel Aviv University.
About Identiq
Identiq is a private network for identity validation that allows companies to safely collaborate with each other in order to validate customer identities – without sharing any sensitive customer data or identifiable information at all (not even with Identiq). The peer-to-peer network includes some of the world's largest consumer-facing companies collaborating through Identiq’s patented technology to identify trusted users, fight fraud, and offer better customer experiences.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now