The COVID-19 pandemic has changed the way business is done, how people interact with businesses, and the fraud landscape of 2022. According to Cybercrime Magazine, damages due to cyber-related crime are predicted to cost the world $6 trillion by the end of this year. A survey conducted by the Association of Certified Fraud Examiners found that 77% respondents have seen an increase in fraud events since the pandemic outbreak.
While fraud and cybercrime existed well before the pandemic, the environment it created allowed for exponential growth in fraud occurrences worldwide. As a result of the pandemic’s impact on business and lifestyle, certain types of fraud and cybercrime will continue to be high-risk in 2022.
Phishing scams and pandemic-related phishing.
Phishing – when an attacker sends a fraudulent message to trick the victim into sharing information or downloading malicious software – will continue to be a dangerous form of fraud, particularly amongst the fear and unknown that surrounds the pandemic. Fraud.net reports that phishing scammers most commonly falsify messages from Microsoft, Google, Facebook, Apple, and PayPal. Moreover, Google’s threat analysis group has reported blocking around 800 million COVID-19 related phishing emails per day.
How to protect yourself.
When it comes to email messages, recipients must examine the message closely before clicking links, opening attachments, or inputting any personal login information. Carefully analyze the sender’s name and email address for typos, odd characters, or other inconsistent details. Review the body of the email; is there a request to click on a link, share information, or urgent and threatening language used?
Fraudsters are clever, and these messages can appear legitimate at first glance. When receiving an unexpected message, it is best practice to contact the individual or organization from a known or official method with a phone call to verify the message.
Ransomware attacks.
Due to the pandemic, many organizations have transitioned to more digital solutions for their workforces. Because of this prolific change, ransomware will remain one of the biggest threats to cybersecurity in 2022. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Because many organizations keep critical information digitally, a successful ransomware attack could be debilitating.
According to FinancesOnline, in 2020 51% of organizations were targets of a ransomware attack. And of those, three-quarters of those attacks were successful in encrypting company data. Even more concerning is the fact that ransomware attacks are not reserved for the largest organizations. In fact, small and mid-size companies can be prominent targets, as their technology infrastructure may be less advanced than their larger counterparts.
How to protect yourself.
While there is no way to avoid being targeted in a ransomware attack, there are mitigating measures you can take to minimize the impact to your business:
- Keep antivirus software and firewalls updated
- Use and test backup data for your organization
- Avoid clicking on unfamiliar or suspicious links
- Limit publicly shared information
- Restrict administrative rights within your organization as necessary
- Train employees and remind them of best practices on an ongoing basis
- Report any threats immediately to the FBI
Increased business email compromise.
The pandemic led to nearly one-third of companies increasing remote work opportunities for their employees, and nearly half of the U.S. workforce is working from home five days or more per week. It is likely that even after the height of the pandemic, companies will continue to offer remote work to retain and attract employees.
The rise in remote work has contributed to an escalation in business email compromise (BEC). This form of fraud involves sending a deceptive email from a source that appears to be legitimate. The message may appear to be from a customer, vendor, or even a high-level employee. Many times, these emails request an urgent wire transfer.
How to protect yourself.
Extra due diligence can save organizations thousands of dollars in loss, since once a wire transfer is sent, it is nearly impossible to recover any or all of the funds.
- Train employees to “think before they click” on any links sent to them
- Use multi-factor authentication for VPN access and IP whitelisting to help strengthen remote access security
- Have a plan in response to a phishing attack; know who to contact and how to mitigate potential damage
- Verify any requests for payment, wires, or account changes using the contact information on file rather than information provided in an email
Payment fraud from increased e-commerce activity.
Social-distancing and closed storefronts led to a dramatic increase in online shopping. According to Synovus, consumer online spending increased by $105 billion over expected revenue in 2020.
It is likely that in 2022, consumers will continue to take advantage of the convenience of e-commerce. Consequently, this change in consumer behavior is an opportunity for scammers to commit payment fraud. This occurs when criminals use stolen or false information and unauthorized credit cards, gift cards, and digital wallets (such as PayPal®, Apple Pay®, Google Pay®, Samsung Pay®) to make fake purchases. The businesses are then stuck with the bill when the payments are ultimately returned, rejected, or disputed by the real consumers.
How to protect yourself.
There are a few ways businesses can protect themselves against payment fraud:
- Monitor the dollar amounts of sales transactions; the average fraudulent transaction is three times greater than a legitimate transaction
- Use a fraud protection platform, such as an address verification service, to confirm the cardholder’s billing address
- Look for orders that use payment types other than credit cards, and contact the buyer directly if you notice anything suspicious
Identity theft from government assistance programs related to the pandemic.
Government aid, such as the Small Business Association’s (SBA) Paycheck Protection Program (PPP) were widespread methods to help America’s businesses manage through the most challenging months of the pandemic. Similarly, consumer support programs like the Economic Impact Payment stimulus and adjustments to unemployment programs were also offered to help those negatively impacted by the pandemic.
The high number of recipients of these programs, combined with a tremendous amount of varying information being shared, resulted in a massive opportunity for criminals to exploit the system. Businesses and consumers alike were targeted by fraudsters claiming to offer federal aid in exchange for sharing private, financial information. This trend may not reach an all-time high like it did in 2020, but it is still a risk going into 2022.
How to protect yourself.
When searching for financial aid information, always start with a local financial institution or government website to learn more. It is critical to do your research before sharing confidential information with an unknown entity.
Businesses and consumers must be aware of the signs, risks, and ways to protect themselves from substantial financial losses due to fraud attacks. Scammers and hackers will always evolve, but their motives remain the same. They want to trick the individual into giving up information without resistance.
Learn from industry experts on fraud and cyber security. Receive access to tools and information that can better equip you to protect yourself and your business from the damaging effects of loss due to fraud.