Published: January 30, 2023
The threat of cybercrime is as prevalent as ever, so it’s vital that businesses in 2023 continue to be aware of the dangers.
At Unity Trust Bank, we take online security very seriously and want to make sure that our customers are familiar with the latest cybercrime tactics that are being used, so they can avoid falling prey to malicious criminals.
James Dockerill, Unity’s Financial Crime Operations Lead, reviews the top three threats experienced in 2022. He also looks ahead to the main cybercrime risks to watch out for in 2023.
There are ways to combat this type of fraud – for example having robust policies, see: https://www.charityexcellence.co.uk/Home/BlogDetail?Link=Charity_Policies; increasing the security levels for external payments to dual or triple authority (available for all Unity Trust Bank customers) and considering doing more than just having charity accounts independently examined.
Increased use of social media and open source searches to engineer/impersonate key personnel is a real danger.
Fraudsters use synthetic media to impersonate business profiles and resources on social media to misrepresent employees, execute scams against the company or other victims, or create replica websites to obtain sensitive data.
Driven by these types of soaring cyberattack risks, the identity theft protection market is expected to double in size over the next five years according to research carried out in 2022 by Fortune Business Insights. This is as a result of profiling companies such as Equifax, Experian, Kroll, McAfee and LexisNexis.
As such, everyone should be mindful about the amount of information they share with other people online, especially if this information is publicly accessible:
These will be more common as we move to a more tech-centric and tech-dependent society.
The recommendations are to follow NCSC guidance, have cyber insurance (if feasible) and ensure internet/device security is always on and current: https://www.ncsc.gov.uk/section/advice-guidance/all-topics
There has been a nine per cent increase in small and medium sized enterprise (SMEs) lending fraud since 2020.
Synthetic business credentials are created from stolen business and consumer data. They make it challenging for some banks to distinguish authentic loan requests from fraudulent ones
At Unity, we deploy a robust Know Your Customer (KYC) process. We ask security questions and insist on Multi Factor Authentication to help protect customers from this emerging trend.
In order to keep personal information online secure, many people are advised to use two-factor authentication. This provides an extra level of security when entering sensitive details such as passwords.
Fraudsters are aware of this extra layer of protection, and at the beginning of this year researchers at mobile security firm Pradeo discovered a fake app called ‘2FA Authenticator’ on Google Play, which was downloaded more than 10,000 times before it was removed.
The app disabled system security checks on victims’ devices and secretly installed malware that stole victims’ banking login data. Similarly, fake websites can ‘harvest’ sensitive data such as login credentials and parts of PINS/passwords.
As we roll out our digital banking platform, please ensure that the mobile device you use is ‘clean’. Only use the designated login method/site to access your Unity Trust Bank account.
A common technique deployed by fraudsters is to imitate or ‘spoof’ banks such as Unity.
Alternatively, scammers will make automated ‘robocalls’ with pre-recorded messages. These invite people to press numbers on the keypad to speak to them about an issue. These are often around a suspicious payment.
Criminal gangs will often have personal details about victims already. They possibly have this information as a result of a cyber attack or from social media. These details make the scam more believable.
Fake texts are also a way of enticing people to click on links that can at first appear legitimate.
Ultimately, fraudsters want personal information, or for victims to send money to a ‘safe account’ controlled by them. Again, be mindful that Unity Trust Bank will NEVER ask for passwords or PINs and our call centre is UK-based.
For more information on how to protect your business against fraud, visit our Customer Hub: https://www.unity.co.uk/customer-hub/