10:00 AM
Doug Clare

Fraud Prevention During the Pandemic

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

There's one fraud pattern that's highly predictable: When the economy goes down, fraud goes up. In the wake of COVID-19, the Great Recession of 2008 provides some important lessons that can help enterprise security teams protect their companies and employees against the increased risk of fraud.

Criminals Exploit Vulnerabilities
Let's first take a look at some of the broad similarities between 2008 and 2020. As in 2008, consumer debt is today at an all-time high — in fact, it's even greater than during the peak of the Great Recession. Unemployment has surged, with current rates higher than any time since the Great Depression of the 1930s.

The pandemic of 2020 has affected a wide range of American workers, especially those with customer-facing jobs that pay an hourly wage. People who have suddenly found themselves unemployed are most concerned about securing necessities such as food and shelter, and more are using credit cards to pay for rent and groceries.

These challenging economic conditions make many people, including employees, more vulnerable to being exploited by criminals.

A Surge of Fraud Types Old and New
In 2008, there was a sharp increase in fraud incidents (and losses) due to: collusive fraud rings in which groups of criminals conspired to defraud a large number of institutions and credit card issuers, and bust-out fraud perpetrated by individuals with either genuine or synthetic identities, running up high balances and intentionally defaulting after making a few normal-looking payments.

There are early signs that both of these are again on the rise in 2020, but here's what's different about fraud, along with some greater security risks, during COVID-19:

  • Phishing attacks are multiplying: Anxious employees are more susceptible to phishing emails claiming to have information about COVID-19 cures and economic stimulus payments. A large-scale move to work-from-home also creates new susceptibilities for hackers to exploit, such as fake emails from executives asking for "help," particularly with financial transactions. These emails can plant malware and entice employees with financial access to inadvertently send funds and other valuable company information to fraudsters.

  • Money mule scams are on the rise: Economic uncertainty leads to consumer vulnerability, and more consumers are getting swept up in scams involving "cash prizes" and opportunities to "earn $100,000 from your home!"

Education and Prevention for All Parties
To protect their company and employees both inside and outside of work, security professionals should address the pandemic's fraud landscape with increased monitoring and a strong employee education program. Particularly, security teams should start by identifying high-risk employees and partners.

1. Employees
Your newest hires, temporary staff, and any new offshore employees your organization enlists are a significant risk. Some are new to the roles and being trained in jobs they haven't done before, and with the influx of COVID-related business interactions, such as higher call volumes at call centers, organizations are also asked to scale quickly and manage complex employee and customer issues quickly.

With that in mind, resources to detect inbound phishing emails should be expanded, and all employees should be educated on the latest trends in COVID-themed scams such as money muling and phishing.

2. C-Suite
Believe it or not, your C-suite may be at greatest risk: After all, the more access an executive has within your organization, up to and including the CEO, the more valuable that person is as a target. In one recent example, a criminal impersonated the leader of a UK-based energy firm using voice-generating artificial intelligence software and convinced a chief executive to wire the equivalent of $243,000.

To avoid a similar situation, your organization should consider the likelihood of each employee and partner's vulnerability to fraudsters and the potential damage they could cause if compromised. The next step is then implementing the right risk management process — parts of it customer-facing, others behind the scenes.

3. Business Partners
It's important to not forget your business partners represent a risk as well. Many companies have fallen victim to a data breach connected to vendors and resellers that had access to many of their systems and in many cases conducted business on their behalf.

Overall, through vigilance and education of high-risk employees and heavily integrated business partners, enterprise security teams can use lessons learned from previous crises to navigate the pandemic with minimal disruption, ultimately mitigating security and fraud risks within an organization.


Doug Clare is Vice President of Fraud, Compliance, and Security Solutions at FICO. In this role, Doug heads FICO's fraud, financial crime, and cyber-risk businesses. With more than 25 years at FICO, he has deep expertise in helping banks and other businesses manage fraud, ...
