There's one fraud pattern that's highly predictable: When the economy goes down, fraud goes up. In the wake of COVID-19, the Great Recession of 2008 provides some important lessons that can help enterprise security teams protect their companies and employees against the increased risk of fraud.
Criminals Exploit Vulnerabilities
Let's first take a look at some of the broad similarities between 2008 and 2020. As in 2008, consumer debt is today at an all-time high — in fact, it's even greater than during the peak of the Great Recession. Unemployment has surged, with current rates higher than any time since the Great Depression of the 1930s.
The pandemic of 2020 has affected a wide range of American workers, especially those with customer-facing jobs that pay an hourly wage. People who have suddenly found themselves unemployed are most concerned about securing necessities such as food and shelter, and more are using credit cards to pay for rent and groceries.
These challenging economic conditions make many people, including employees, more vulnerable to being exploited by criminals.
A Surge of Fraud Types Old and New
In 2008, there was a sharp increase in fraud incidents (and losses) due to: collusive fraud rings in which groups of criminals conspired to defraud a large number of institutions and credit card issuers, and bust-out fraud perpetrated by individuals with either genuine or synthetic identities, running up high balances and intentionally defaulting after making a few normal-looking payments.
There are early signs that both of these are again on the rise in 2020, but here's what's different about fraud and some greater security risks during the COVID:
- Phishing attacks are multiplying: Anxious employees are more susceptible to phishing emails claiming to have information about COVID-19 cures and economic stimulus payments. A large-scale move to work-from-home also creates new susceptibilities for hackers to exploit, such as a fake emails from executives asking for "help," particularly with financial transactions. These emails can plant malware and entice employees with financial access to inadvertently send funds and other valuable company information to fraudsters.
- Money mule scams are on the rise: Economic uncertainty leads to consumer vulnerability, and more consumers are getting swept up in scams involving "cash prizes" and opportunities to "earn $100,000 from your home!"
Education and Prevention for All Parties
To protect their company and employees both inside and outside of work, security professionals should address the pandemic's fraud landscape with increased monitoring and a strong employee education program. Particularly, security teams should start by identifying high-risk employees and partners.
Your newest hires, temporary staff, and any new offshore employees your organization enlists are a significant risk. Some are new to the roles and being trained in jobs they haven't done before, and with the influx of COVID-related business interactions, such as higher call volumes at call centers, organizations are also asked to scale quickly and manage complex employee and customer issues quickly.
With that in mind, resources to detect inbound phishing emails should be expanded, and all employees should be educated on the latest trends in COVID-themed scams such as money muling and phishing.
Believe it or not, but your C-suite may be at greatest risk: After all, the more access an executive has within your organization, up to and including the CEO, the more valuable that person is as a target. In one recent example, a criminal impersonated the leader of a UK-based energy firm using voice-generating artificial intelligence software and convinced a chief executive to wire the equivalent of $243,000.
To avoid a similar situation, your organization should consider the likelihood of each employee and partner's vulnerability to fraudsters and the potential damage they could cause if compromised. The next step is then implementing the right risk management process — parts of it customer-facing, others behind the scenes.
3. Business Partners
It's important to not forget your business partners represent a risk as well. Many companies have fallen victim to a data breach connected to vendors and resellers that had access to many of their systems and in many cases conducted business on their behalf.
Overall, through vigilance and education of high-risk employees and heavily integrated business partners, enterprise security teams can use lessons learned from previous crises to navigate the pandemic with minimal disruption, ultimately mitigating security and fraud risks within an organization.