Kaspersky research shows sharp increase of account takeover incidents in 2020
Woburn, MA – February 3, 2021 – Kaspersky today shares new research, which found that every second fraudulent transaction in the finance industry was an account takeover in 2020. According to anonymized statistics of events detected by Kaspersky Fraud Prevention, from January to December 2020, the share of such incidents increased from 34% in 2019 to 54% in 2020. The two schemes to gain access to a bank account, ‘the rescuer’ and ‘the investor,’ remain among the most common since 2019.
The importance of digital financial services and e-commerce increased last year with people spending more time at home as a result of the pandemic. Kaspersky experts suggest that this caused a spike in social engineering techniques being exploited by cybercriminals.
In addition to the rise of successful account takeovers, in 12% of fraudulent incidents, legitimate remote administration tools (RAT) such as TeamViewer were misused in an attempt to gain access to user accounts.
Pic 1. Share of fraudulent cases detected by Kaspersky Fraud Prevention in 2020
The Kaspersky Fraud Prevention team identified two common approaches attackers use to obtain access to accounts, both continuations of trends observed in 2019. The first tactic sees scammers masquerade as ‘the rescuer’: they pretend to be security experts and act out scenarios to ‘save’ users. They call bank customers posing as security officers, report suspicious charges or payments and offer their help. The rescuer may ask customers to verify their identity through a code sent in a text message or push notification, to stop a suspicious transaction or to transfer money to a ‘secure account’. They can also ask a victim to install a remote management application, pretending that it is required for troubleshooting. The scammers often introduce themselves as employees of the largest bank in the potential victim's region and use a spoofed caller ID for incoming calls to pose as a real bank.
In the second approach, cybercriminals act as ‘the investor’. This scenario involves fraudsters posing as employees of an investment company, or as investment consultants from a bank. They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client's account, without having to go to a bank branch. As a prerequisite for providing the ‘investment service’, the investor asks the potential victim for the code received in a text message or push notification.
“Bank clients always place a high value on ease of access to their accounts and performance of usual financial operations, and now this has become especially important,” explains Claire Hatcher, head of business development for Kaspersky Fraud Prevention. “That is why we believe that solutions for the financial industry should provide a high level of security measures - including protection against fraud - which are seamlessly integrated into the user experience. And of course, it’s worth regularly reminding clients about fraudsters’ techniques, so that they are likely to notice something.”
To help individuals and businesses stay protected from ever-changing fraud techniques, Kaspersky recommends online services and retailers adopt the following measures:
- Limit the number of attempts to conduct a transaction; cybercriminals may try several times to enter correct credentials
- Educate your customers on possible tricks malefactors may use. Regularly send them information on how to identify fraud and the best way to behave in this situation
- Conduct annual security audits and penetration tests to find security issues in a company’s network
- Have a dedicated fraud analysis team capable of finding and analyzing the emerging methods fraudsters are using
- Implement multi-factor authentication to minimize the chance of accounts being taken over
- Install a fraud prevention solution that can be quickly adapted for identifying new attack schemes and methods
This Kaspersky Fraud Prevention report is based on incidents associated with cybercrime and on data detected by Kaspersky Fraud Prevention after thorough analysis of consumer behavior in the banking sector and e-commerce. To find out more about the main fraud vectors companies faced, read the full report here.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.