COVID-19 Gives Cybercriminals New Ways to Attack
As lockdowns rolled out around the world, consumers became more reliant on their computers and phones than ever before, for education, work, shopping, socializing and so much more. All of our usual everyday activities went virtual, including potentially sensitive activities like our banking, creating new vulnerabilities for cybercriminals to take advantage of.
At the same time, contact centers around the world abruptly shifted to telecommuting, taking in an increasing number of customer service calls as customers worked through new challenges at home.
Call centers, especially for the life, health and annuity sectors, take in a variety of private information and data every day to solve customer issues, and that couldn't just stop because of this period of remote work.
In fact, at the height of the pandemic, some enterprise call centers saw call volumes increase by over 1,000% from normal levels, creating the kind of chaos opportunistic fraudsters are always on the lookout for.
In short, COVID-19 has created the perfect storm for fraud.
The evolving fraud landscape during COVID-19
Our entire world has changed during the COVID-19 pandemic, and the same holds true for fraudsters' ever-evolving tactics. Fraudsters know exactly when, how and who to target to get the biggest payoffs, and they certainly have let that show during the pandemic. By mid-April, the FTC had already logged over 8,000 new fraud cases, with reported losses reaching nearly $5 million. But how are fraudsters carrying out these attacks? In the call center, there are several common tactics fraudsters employ to trick agents into handing over financial details by pulling at their heartstrings.
One of the early appeals fraudsters employed was for emergency financial assistance due to travel restrictions. Fraudsters use the sensitive details they've stolen from phishing or other attacks to impersonate a banking customer, urging the call center agent to wire them money or send a new credit card while they are stuck out of the country.
Another common tactic carried out in the call center is caretaker fraud. In this scenario, a scammer calls into a banking call center pretending to be the caretaker of a customer who is sick and in need of financial assistance for medical bills, asking the agent to give them access to their account and related info.
And finally, fraudsters are taking advantage of the situation to urge banks to send them a new credit card at a different address, due to a last-minute move because of the pandemic. In this scenario, a fraudster may not only ask for a new card, but also for an increased spending limit due to recent unemployment or other COVID-19-related challenges.
But fraudsters aren't just targeting the call center. They're also targeting consumers at home, trying to get all of those private details and data they use to gain access to a bank account. There has been a noticeable increase in phishing emails and text messaging, with many fraudsters using the pandemic to trick consumers into sharing their details through fake websites and malicious links.
It hasn't helped that many consumers haven't taken any extra steps to secure their accounts while working from home. According to recent Pindrop research, nearly 70% of American consumers are using identical passwords across multiple accounts, making it easy for fraudsters to steal their information from multiple sources. Fraudsters are also targeting consumers by phone. A common scam fraudsters are using to target seniors is calling and telling them they need a new Medicare card for COVID-19 coverage, and asking for their social security number or other sensitive information in the process.
Outsmarting a Fraudster
With improved cybersecurity habits, it is easy to outsmart a fraudster. Yet, as evidenced by Pindrop's recent research, many consumers are still engaging in poor cyber habits that leave them and now even their employers at risk of account hacking and fraud. In addition to the almost 70% of consumers who use identical passwords across multiple accounts, over 60% store their passwords on computers and other devices, and during this period of remote work, over 40% have been using their company computers and devices for personal use or even allowing other family members to use them. To protect your personal information, simply don't engage in these habits — it's cybersecurity 101!
But there are other tricks to outsmarting a fraudster. Never give out personal information over the phone. If a representative from your bank calls you asking for personal information, hang up and call them back at the number listed on their website.
Before clicking a link or downloading an attachment in an email, double check the sender is who they say they are so you don't accidentally hand over your login details or other personal information to a fraudster. Paying attention to new scams and fraud trends will ensure you know what to watch out for when faced with a potentially fraudulent situation, but if something just doesn't feel quite right, exercise caution and don't hand over your — or a customer's — personal details.
Eventually, COVID-19 will be over. But the effects of the cyber breaches and fraud it has created will likely be longer-lasting. The trick for any consumer, or business, is to remain vigilant and use safe cyber practices to ensure your information doesn't end up in the hands of a fraudster.