Date: 2024-12-02

Irina Ionescu, Senior Editor at The Paypers, uncovers the key takeaways from the latest webinar featuring Incognia, the European Payments Initiative (EPI), and ING Bank Romania, on how social engineering enables various types of fraud, including APP, scams, ATO, and mule activity.

A growing share of financial fraud relies on manipulation; fraudsters are manipulating legitimate users into authenticating, approving payments, or handing over access themselves. To financial institutions, these events look normal — the right user, credential, and device — even though what’s really happening is fraud. Often, social engineering can feel more like a human problem than a security problem. However, these attacks create early behavioural and contextual indicators, making it possible to identify manipulation as it’s unfolding, and potentially stop customers from becoming the victims of fraud.

In a recent webinar featuring Incognia, ING Bank Romania, and the European Payments Initiative (EPI), The Paypers set out to discover how social engineering enables authorised push payment (APP) fraud or account takeover (ATO), why social engineering isn’t invisible and how the right tools can surface it early, and how fraud teams actively identify social engineering schemes by looking at intent, context, and continuity, rather than just individual transactions.

The webinar ‘Social engineering: solving the most difficult fraud challenge’ featured André Ferraz, Co-Founder and CEO of Incognia, Alin Becheanu, Head of Fraud Monitoring & Prevention at ING Bank Romania and the President of the Romanian Association for the Prevention and Combating of Fraud, and Sune Gabelgård, Fraud Manager at the EPI.

Below, we have summarised the main findings of the webinar.

The anatomy of a social engineering attack

Alin Becheanu started the conversation by walking the audience through the step-by-step playbook fraudsters use to manipulate victims. The scenario always begins with establishing trust and creating urgency – fraudsters usually impersonate a bank, a police officer, or a tax authority to create a compelling pretext. Then, the victim is isolated, told not to contact anyone else to avoid ‘compromising an investigation’ or endangering their funds. Next comes the hook – the victim is either coached into pushing a payment themselves (APP fraud) or persuaded to install a remote access tool such as AnyDesk or TeamViewer, allowing the fraudster to take full control of their device.

The fraud is presented as the solution, since victims believe they are securing their funds or completing a legitimate process. Further into the conversation, Alin Becheanu shared the case of a single victim who was defrauded three times in a row – first through an investment scam, then through a fake tax payment, and finally through a bogus recovery agency – all by the same fraud ring.

Money mules – the criminal infrastructure behind scams

The conversation turned to how fraudsters build the infrastructure required to move stolen funds. Sune Gabelgård explained that mule account operations have evolved from simple recruitment into sophisticated criminal enterprises. He shared another compelling case of a woman whose digital identity was stolen through a smishing attack. Six months later, criminals used the stolen identity to open an account she wasn’t aware of. When the bank’s AML flagged suspicious activity, they unknowingly communicated with the fraudster, effectively tipping them off and allowing the operation to continue.

André stepped into the discussion, reinforcing the point with data from Incognia’s work across multiple financial institutions. In one case, a bank discovered that approximately 4% of newly analysed accounts showed mule-like behaviour. In another, 28 devices operating from a single apartment were linked to 2,900 accounts, yet only 11 had been previously flagged. A single Samsung device using an app cloner called Parallel Space was found accessing 1,200 accounts. These examples illustrate the sheer scale of mule infrastructure and the urgent need for better detection.

AI and instant payments are accelerating the threat

The panel also addressed how GenAI and instant payments have supercharged social engineering. Alin Becheanu noted that instant payments have eliminated the recovery window; in other words, once money moves, the chance of getting it back is less than 1%. Then, Sune highlighted how AI has made scams increasingly convincing, from deepfake celebrity endorsements promoting investment schemes to hyper-personalised phishing campaigns. However, there might be a silver lining – the rise of AI-powered fraud has helped spread awareness that anyone can become a victim, breaking down the misconception that only the naïve fall prey to scams and fraudsters.

The detection dilemma: when everything looks legitimate

A live poll during the webinar revealed that most attendees estimated 50-75% of their fraud losses involve technically authorised actions. This underscored the central challenge: in social engineering cases, all traditional trust signals, including correct device, valid credentials, familiar IP address, and successful authentication, check out. As Becheanu mentioned, social engineering compromises the customer’s intent and not their credentials.

The most dangerous assumption institutions make is leaning back and claiming that if an action is authorised, everything is fine.

Building proactive defences

The webinar outlined a multi-layer approach to detecting social engineering before losses occur, which includes:

Behavioural deviation analysis: monitoring how customers navigate apps, the time-of-day transactions occur, and whether patterns deviate from historical behaviour — not just transaction amounts.

Proactive KYC for fraud: asking customers upfront whether they expect to make international transfers or large payments creates simple but powerful filters.

Behind-the-scenes detection: building security mechanisms that don't rely on customer interaction such as silent authentication, app navigation analysis, and overlay detection for remote access tools and keeping these methods hidden from both consumers and criminals can minimise risk.

On-call detection: identifying whether a customer is on an active phone call while initiating a transaction to a new beneficiary is a strong indicator of coaching.

Cross-institution collaboration: banks must increase their efforts to build real-time transaction scoring systems, enabling both sending and receiving institutions to flag suspicious activity.

Mule account detection: André detailed techniques, including identifying account handover signals, detecting multiple accounts accessed from single devices, and using location fingerprinting to find clusters of devices managing thousands of accounts from one physical location.
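The two mule-detection signals described above (many accounts on one device, and many devices managing accounts from one location) can be sketched as follows. This is an added example, not code from the webinar or from any panellist's product; the event format, thresholds, grid size, and all sample data are constructed assumptions.

```python
from collections import defaultdict

CELL = 0.001  # grid size in degrees (~100 m north-south); assumed granularity

def sample_events():
    """Constructed access events: (account, device, lat, lon)."""
    ev = []
    for d in range(4):          # one flat: 4 devices x 3 accounts each
        for a in range(3):
            ev.append((f"apt-{d}{a}", f"dev-apt-{d}", 44.4268 + d * 1e-5, 26.1023))
    for a in range(5):          # one device cycling through 5 accounts
        ev.append((f"cl-{a}", "dev-clone", 45.7600, 21.2300))
    ev += [("home-1", "dev-h1", 46.7700, 23.5900),   # ordinary household
           ("home-2", "dev-h2", 46.7700, 23.5900),
           ("home-1", "dev-h2", 46.7700, 23.5900)]
    return ev

def shared_devices(events, max_accounts=3):
    """Devices seen on more distinct accounts than max_accounts."""
    seen = defaultdict(set)
    for acct, dev, _, _ in events:
        seen[dev].add(acct)
    return {d: a for d, a in seen.items() if len(a) > max_accounts}

def location_clusters(events, min_devices=3, min_accounts=6):
    """Grid cells where several devices together handle many accounts."""
    devs, accts = defaultdict(set), defaultdict(set)
    for acct, dev, lat, lon in events:
        cell = (round(lat / CELL), round(lon / CELL))
        devs[cell].add(dev)
        accts[cell].add(acct)
    return {c: accts[c] for c in devs
            if len(devs[c]) >= min_devices and len(accts[c]) >= min_accounts}

def accounts_to_review(events, previously_flagged):
    """Accounts tied to a shared device or a cluster, not yet flagged."""
    linked = set()
    for group in (shared_devices(events), location_clusters(events)):
        for accounts in group.values():
            linked |= accounts
    return sorted(linked - set(previously_flagged))

if __name__ == "__main__":
    ev = sample_events()
    print("shared devices:", sorted(shared_devices(ev)))
    print("clusters:", {c: len(a) for c, a in location_clusters(ev).items()})
    print("to review:", accounts_to_review(ev, {"apt-00"}))
```

In the constructed data, no device in the flat exceeds the per-device threshold, so only the location grouping surfaces those accounts; a production system would also need to handle grid-cell boundaries and shared venues such as offices or dormitories.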

Finally, the panellists also stressed the importance of building a partnership with customers that empowers them to make informed decisions rather than simply training them to click through warnings. Simple, concise actions like encouraging customers to hang up and call back on a verified number can make a real difference.

Conclusion

Social engineering represents one of the most challenging fraud problems financial institutions face today, but it is not an unsolvable one. The key is to shift from reactive, customer-reported detection to proactive, real-time systems that analyse behavioural context, device signals, and cross-institutional intelligence. Education alone is not enough – but by investing in technologies that work silently behind the scenes and building strong partnerships with customers, social engineering can be avoided.

