International
Fraud Awareness Week is being observed November 17-23, 2024. It serves
as a crucial initiative aimed at raising awareness about the pervasive
issue of fraud that affects individuals, businesses, and governments
worldwide. This week-long campaign brings together organizations,
government agencies, and individuals to collectively address the
challenges posed by fraudulent activities, ranging from financial scams
to cybercrimes. The overarching goal is to foster a global community
that is well-informed, vigilant, and equipped to identify, prevent, and
combat fraudulent practices.
As part of this initiative, industry experts contribute their
insights to the ongoing dialogue surrounding fraud prevention.
Commentaries from these experts provide valuable perspectives on the
evolving nature of fraud, emerging threats, and innovative strategies to
safeguard against deceptive practices. The collective expertise of
these professionals plays a pivotal role in shaping a comprehensive
understanding of the challenges posed by fraud in the contemporary
landscape.
In a world increasingly interconnected by technology and global
financial systems, the significance of International Fraud Awareness
Week cannot be overstated. By fostering collaboration and
knowledge-sharing among industry experts, this initiative plays a vital
role in fortifying the defenses against fraud and promoting a safer,
more secure environment for individuals and organizations alike. As we
navigate the complexities of the modern era, the collective efforts
during this awareness week underscore the importance of remaining
vigilant and proactive in the ongoing battle against fraud.
++
Patrick Harding, Chief Architect at Ping Identity
"As our world becomes increasingly digital, fraud continues to
grow at an alarming rate. Companies and individuals risk losing millions and
cybercriminals are only becoming more adept. With AI, it's easier than ever for
them to create fake identities, send phishing emails, forge identity documents,
and even impersonate individuals with tools like voice cloning and deepfakes.
In fact, 36% of people have experienced identity fraud, with
financial fraud (18%), account takeover (9%), and impersonation (8%) being the
most common.
These attacks are becoming harder to detect, even with
cybersecurity measures. This International Fraud Awareness Week, both
businesses and individuals must stay one step ahead by using robust solutions
with built-in prevention, detection, and real-time threat response. By focusing
on identity risks and remaining vigilant, we can spot fraud earlier and stop
cyber criminals before the damage has already been done."
++
Kaarel Kotkas, Founder & CEO at Veriff
"More than nine-in-ten teens use the internet daily, and they
comprise a large part of the online population. While online, they are
regularly exposed to fraud - nearly three-quarters (70%) of Gen Z reported
encountering fraud at least once in the last 12 months. This International
Fraud Awareness Week, we should focus on protecting vulnerable groups like
minors from the dangers of online fraud.
While youngsters may seem extremely tech-savvy, their limited
experience often makes them more vulnerable to fraudulent and criminal activity
online. They don't always have enough skills to know when they're being
scammed, or if the content they are exposed to is AI-generated.
Some online platforms are taking steps towards self-regulation,
and some ongoing regulatory conversations are already starting to pressure
businesses and big tech platforms, such as Apple and Meta, to prioritize the
protection of minors over engagement growth. Implementing more comprehensive
protocols and identity verification tools not just for compliance checks but
for actual fraud prevention is critical to ensure that online environments are
safe for users of any age. The imperative for online companies is to be
proactive in protecting their users, and this is something that many consumers
expect already today."
++
Carla Roncato, VP of Identity at WatchGuard
"While external risks such as cyber scams, ransomware, and
identity theft are frequently headline news, insider risks can be difficult to
detect and equally damaging for organizations. Insider risks can be
intentional, such as data theft or sabotage by disgruntled employees, or
unintentional, accidental data leaks or policy violations.
Employees, contractors, and suppliers with insider access can
compromise or bypass information security controls to let in bad actors for
profit, exploit privileges in financial and procurement systems to conduct
fraud for financial gain and enact (intentional or unintentional) exfiltration
of customer data and intellectual property to sell across dark web data
marketplaces.
An insider risk management program could focus on the following
areas:
-
Creating company policy guidelines with clear, established
definitions of acceptable use of company resources, data handling, and
consequences for violations.
-
Establishing least-privilege, role-based access controls to
ensure employees only have the minimum access to least the information
necessary for their job functions,
-
Utilizing monitoring and detection capabilities such as user activity
monitoring of unusual behavior that could indicate a potential insider threat
and behavioral analytics using machine learning to identify patterns that
deviate from baselines and norms.
-
Developing an incident response plan with specific steps to take
when an insider threat is detected along with the ability to conduct forensic
investigations to understand the scope and impact of an incident.
-
Fostering a culture that promotes transparency and trust where employees
are comfortable reporting suspicious activities alongside training that
provides a clear understanding of the potential consequences of insider fraud
and risk activities."
++
Jordan Avnaim, Chief Information Security Officer at Entrust
"Identity fraud is a threat that permeates all sectors, from
banking to real estate to healthcare. As businesses continue scaling their digital-first services,
secure identity verification is more important than ever to battle escalating cyber threats.
Organizations looking to successfully implement strong identity
verification tactics should seek to build fraud prevention into the entire customer lifecycle. By
combining biometric checks and document validation, organizations can adopt a layered approach,
enabling businesses to dial fraud prevention measures up or down as needed to balance the
level of friction with the level of risk an individual poses.
AI is poised to significantly enhance fraud prevention efforts by
utilizing advanced micro-model architectures to detect specific fraud markers more effectively
than traditional methods. By automating these processes, businesses can better identify leading
threats like document fraud and counter the increasing sophistication of fraudulent
activities."
++
Will LaSala, Field CTO, OneSpan
"As we observe
Fraud Awareness Week, it's crucial to recognize the growing threat to sensitive
transactions-such as wire transfers, those involving personal data, or
transactions with elevated privileges. With billions lost to online payment
fraud last year, cybercriminals continue to exploit weaknesses in the software
supporting these transactions. Fraud tactics are also becoming more
sophisticated, with AI being increasingly used to carry out highly personalized
attacks, including the creation of realistic forged documents. Unfortunately,
many countries still lack the necessary security features to detect these types
of fraud, making this a global issue that demands urgent attention.
In addition to
AI-driven threats, traditional attack methods like account takeover, phishing,
and smishing, along with social engineering techniques, continue to pose
significant risks. While FIDO2 adoption is a step forward for strengthening
authentication and combating fraud, many implementations still struggle with
successful real-world applications. Organizations must ensure that attackers
cannot bypass FIDO2 by exploiting weaknesses in areas like insecure user
workflows or account recovery-or they risk undermining the very security
enhancements they are trying to implement. To outpace fraud in 2024 and beyond,
we must remain proactive in addressing our threat landscape and implement
comprehensive security measures-across logins, transactions, and documents-to
better protect against current and emerging risks."
++
Raffael Marty, EVP and General Manager,
Cybersecurity, ConnectWise
"Cyberattacks are on the rise. As an example, in 2023, ransomware
attacks rose 94% for SMBs compared to the prior year. Threat groups
are also expanding their use of malware and fraud related activities,
oftentimes by phishing users and impersonating sites that have a good
reputation and appear trustworthy. Fraud-related cyberattacks pose a prevalent
risk to businesses and individuals, leading to costly and time-consuming
consequences.
To combat this growing issue, MSPs can adopt stricter
cybersecurity measures such as solid security controls, advanced threat
detection, real-time monitoring, and incident response. Additionally,
businesses must establish strong baseline security measures and maintain
visibility and control over their security practices. This International Fraud
Awareness Week is a reminder that MSPs must proactively approach security
postures by educating their customers about the top fraud risks while providing
the insights they need to stay one step ahead of cybercriminals."
++
Bala Kumar, CPTO at Jumio
"International Fraud Awareness Week arrives at a critical time. With AI tools becoming widely accessible, fraudsters are now leveraging generative AI to create synthetic identities, deepfakes, and advanced fraud tactics that bypass traditional security measures. Legacy tools like multi-factor authentication (MFA) are no longer sufficient; businesses need AI-powered defenses to accurately verify identities and detect digital manipulation. Biometric verification and liveness detection have become essential, allowing businesses to detect and stop sophisticated fraud before it escalates.
This week shares a valuable message about the need for proactive, adaptive fraud prevention. As fraud tactics evolve, businesses must harness the latest technologies to stay secure, using AI to counter AI-enabled threats. Educating consumers on the dangers of digital fraud is also crucial to building a more resilient digital ecosystem. International Fraud Awareness Week serves as a reminder that combating fraud today requires innovative, forward-looking strategies that empower organizations and individuals to navigate the digital landscape securely and with confidence."
++
Randolph
Barr, CISO, Cequence Security
"Fraud Awareness Week arrives
at a crucial time as retailers and shoppers brace for an increase in cyber
threats targeting sensitive data and causing significant disruption. Fraud
continues to cost companies, governments, and individuals billions of dollars
each year, making proactive security measures more important than ever.
The combination of reduced
staffing and a surge in online activity driven by seasonal sales and promotions
creates an ideal environment for cybercriminals to exploit vulnerabilities.
Without robust bot and API protection, retailers face the very real risk of
substantial financial losses, customer trust erosion, and reputational
damage.
In today's digital-first
retail environment, APIs are essential for powering seamless customer
experiences, from payment processing and inventory management to personalized shopping
journeys. However, these same APIs also present a vulnerable attack surface. If
left unsecured, they can become an entry point for fraudsters to infiltrate
systems and steal sensitive data.
Furthermore, the introduction
of AI into retail services can expand the attack surface, introducing new
vulnerabilities that attackers can exploit. As AI becomes more integrated into
retail operations, from personalized shopping experiences to inventory and
supply chain management, the risks associated with securing these systems
multiply.
Recent data from the Labor Day
sales gives us a glimpse of the threats ahead. Cequence observed a staggering 79% increase in
blocked bot traffic compared to last year, underscoring the growing
sophistication of cybercriminals. This surge highlights the urgent need for
retailers to adopt proactive security measures to safeguard not only their
websites but also their APIs and overall digital infrastructure."
++
Matt Aldridge, Principal Solutions Consultant at OpenText
Cybersecurity
"Fraud
Awareness Week should serve as a stark reminder for businesses and consumers to
remain vigilant. Fraud is an ongoing challenge for organisations - as the
breadth, quantity and quality of cyber attacks continue to escalate. For
the first time since 2017, there has been a steep rise in infection rates for
both business and consumer devices this year. OpenText Cybersecurity Threat
Perspective 2024 report observed growth in
infection rates in North America, Europe, Africa and Australasia from 2022 to
2023.
As
cybercriminals evolve, there are a myriad of techniques available at their
disposal, the most effective and pervasive of these are the various flavours of
phishing attacks, but these are often just the first stage of a broad scheme
designed to rapidly extract funds from a target. Other key tactics and
techniques include business email compromise (BEC) attacks - which in general
are the most profitable of all attack types. BEC attacks continue to
grow, and are now even being boosted by the use of deepfake and other
AI-powered technologies to greatly increase success rates.
Online
marketplaces and e-commerce are of course far from immune to abuse, and attacks
against these continue to grow and evolve, including fraudulent listings,
payment scams, counterfeit goods, account takeovers and fraudulent chargebacks.
For
businesses, the most important approach to defend against these fraudulent
attacks is to spread awareness within the organisation, to upskill and empower
all workers to identify attacks at the earliest possible stage. Beyond
this, it is critical that inbound communications are thoroughly screened before
being presented to users, be they emails, SMS, or even old school postal and
fax communications - all of these are open to abuse, and users must
increasingly expect to be socially engineered by phone calls, voicemails and
even video calls.
For
consumers, baseline precautions for all to follow are: keep your systems up to
date with the latest patches and OS versions and use unique, secure passwords
which have been generated within a password manager. Additionally, when
possible, switch to passkey or token-based authentication instead of passwords,
and always enable multi-factor authentication!"
##