Cybercrime – a constant concern amid the pandemic

The world we are currently living in: fraudsters vs victims – who’s winning?

The influence of the pandemic is felt cross-industry, globally, and locally. Few things have been left unaffected by this crisis, and like the old saying goes ‘Never waste a good crisis’, COVID-19 offers plenty of opportunities for those with ill-intent. The attack surface of cybercriminals has vastly grown now that so many are forced to work from home. Additionally, with physical stores remaining closed, consumers have been forced to turn to buying goods online, which led to a further increase of the attack surface for bad actors. 

Challenges and issues

In a 2020 consumer report by Accenture, consumer spending habits in the week after the COVID-19 outbreak decreased by more than 75%. Spending patterns have changed significantly as more consumers and businesses move to digital. Especially vulnerable are those not accustomed to the fast pace the digital world is evolving, such as those of age on a consumer side, along with small business forced to rapidly adopt prior unfamiliar digital ways of working. 

As confidence levels are lower and anxiety is higher, fraudsters are taking advantage of ignorant, uncertain consumers. As they are not accustomed to a digital environment, this may lead to the collection of online credentials, or so-called drive-by-downloads containing malware, possibly infecting the systems of both consumers and businesses. 

The move to a digital way of doing business has called for solutions that cater to the needs of consumers and businesses alike. In an online space where contactless payments, instant bank transfers, multi-factor authentication, and paying through facial recognition are commonplace, consumers expect this level of security and safety is applied by all businesses. They want a safe and versatile shopping experience, freed from any signs of phishing, smishing (phishing by text) or other forms of digital fraud. For instance, cyber criminals have been sending fake package delivery text messages where people are coerced into clicking a link that leads to a portal where they need to fill in additional (credit card) details or pay for a package which is held at customs. Meanwhile businesses are looking for ways to attract revenue in the ever-growing marketplace of ecommerce. This desire for innovative and diverse solutions is a key driver for generating growth in these challenging times. 

The pandemic has created social engineering opportunities, including phishing campaigns in an accelerated pace. Digital awareness is key, as cyberespionage and cybercriminal groups will take advantage of this uncertain time for as long as companies do not take the minimal required measures to protect their consumers and employees. Since February 2020, the world has seen a 600% rise in phishing attacks, but also other methods of cybercrime such as whaling (targeting executives) are on the rise. Putting an exact number on the growth of cybercrime is tough, as companies are not likely to come out in public if they do not have to, and private individuals feel embarrassed and ashamed about the fact that they became a victim of cybercrime. 

Tips on how to escape fraudsters

To stay ahead of the ever-evolving cyberthreats, continuous reinforcement of the digital world is paramount. Ensure that employees and contractors are conscious of information protection procedures, when storing data, but also when sending or receiving data. Working from home offers new security challenges, which can partially be solved by deploying a Virtual Private Network (VPN) and proper protection of devices used at home, such as making sure that all software on devices is up to date. Solutions supporting business operations in running smoothly during massive remote work scenarios are rising rapidly, including performance monitoring of systems and information security to help protect remote workers from sophisticated cyber attacks.

Next to ensuring internal procedures, one would be wise to continuously test the measures implemented. Moreover, check and guarantee that your brand is not misused online, to counter the most prevalent forms of fraud. Concurrently, initiate (consumer) awareness campaigns through available online channels in order to educate consumers how to recognise and avoid online fraud, social engineering, and phishing. 

In addition, the accelerated move to digital platforms and remote working has distanced people from their colleagues. Add in the financial distress and accompanying urgency, and one has an ideal environment where due diligence will be rather skipped than complied to. Therefore, make sure to create time, or lower the thresholds, to review suspicious payments, especially business-to-business. A review of procedures, segregation of duties and applying the ‘four eyes principle’ will safeguard the organisation for being taken advantage of. One is after all better safe than sorry, referring to fraudsters cleverly pulling out EUR 19 million from the CEO of Pathé cinemas (and costing the CFO its job), for the shrewd fraudsters emphasised secrecy and discretion. 

Outlook

It is evident that the coming five years executives and senior management need to keep an eye out for new capabilities and innovations to prevent their consumers (and themselves) becoming a victim of online fraud. It is inevitable that by 2025, every business is an ecommerce business first, operating in a data-driven, cloud-based market, approaching consumers mostly through ecosystems and online marketplaces. 

For financial institutions, this would mean a renewed acceleration of the payment modernisation programmes, focusing specifically on those capabilities that counter the increasing costs of fraud, while ensuring that consumers and businesses have sufficient awareness and control over their online activities. Next to this, human interactions are imperative, as trust is key. 

Further digitisation of (physical) payment methods is unavoidable. However, without acknowledging the rapidly evolving digital threats, building a system of trust, and simultaneously gaining insight in the entire chain, it will be a challenge to remain in control. A challenge some companies may not be able to overcome.  

About Bruno Weijenborg 

Bruno Weijenborg is a Consultant Security Consulting at Accenture. Bruno started his career within digital forensic investigations in relation to fraud and cybercrime as well as privacy related topics. He engages with companies within the financial sector to become more resilient against threats to their cybersecurity, managing data loss prevention at clients, and mitigating compliancy risk. Bruno is passionate about making society a safer and secure place through technology and people.  

About Accenture

Accenture is a global professional services company with leading capabilities in digital, cloud, and security. Combining unmatched experience and specialised skills across more than 40 industries, we offer Strategy and Consulting, Interactive, Technology, and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 514,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners, and communities. Visit us at www.accenture.com.