Exploring the risk terrain: Four key trends in online Fraud for 2024

1. Deepfakes, AI and phishing

We have now become used to warnings about deepfakes and AI, and the impact these threats can have on our online safety and even our democratic systems. Indeed, according to the World Economic Forum’s Global Risks Report 2024, misinformation and disinformation is the number one threat faced by the world over the next two years. 
Deepfakes are synthetic media whereby an image or video of a person is replaced with the likeness of someone else. Faking content in this way isn’t new, but the technology used to create it has become very complex. Techniques are being leveraged from generative AI and machine learning to create high-quality audio and visual content that is very successful in deceiving people.

Scammers use this technology to bypass and overcome facial recognition or voice biometric protocols put in place by financial institutions and other organizations. This adds new dangers to older threats, such as phishing. 

Traditionally, phishing has involved a fraudster recreating a legitimate-looking website or email domain of a trusted company and then sending links to malware via email, which unsuspecting people are tricked into downloading. More recently, phishing has evolved, and it now takes place via SMS (smishing), or by voicemail (vishing) when the Interactive Voice Response (IVR) system of a renowned company is copied and recreated.

There is also a significantly increased danger of AI-based phishing. The threat is recognised at the highest levels. For example, the deepfake danger was the focus of a recent information sheet from the US government, including the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA). This noted that deepfakes are a particularly concerning type of synthetic media, and highlighted the danger in phishing: "Phishing using deepfakes will be an even harder challenge than it is today, and organizations should proactively prepare to identify and counter it.”

Kaarel Kotkas, the Founder & CEO of Veriff, has emphasized the limitations of current AI technologies, stating, "We do not have a general AI, and self-supervision is not at a level where we can leave machines to manage themselves." He highlights the necessity of human oversight in AI decision-making to ensure the models are improved iteratively, keeping users' well-being and ethical considerations at the forefront. Furthermore, Kotkas advocates for developing mechanisms to identify and mitigate harmful biases in AI, involving human intervention in critical areas.

2. Synthetic identity fraud

There has been a substantial rise in fraud attacks in new account fraud enabled by a sudden increase in the creation of so-called ‘synthetic identities’. These identities are either faked, stolen, modified from real data, or bought on the dark web. 

Fraudsters use these synthetic identities to create fictitious accounts and profiles on platforms that can be then used for a range of illicit purposes, often as part of a larger scheme'.

Another way these identities are used is on online marketplaces that offer promotions to new customers. The synthetic identities are combined with stolen payment cards and dozens of non-existent individuals suddenly benefit. 

This type of fraud is part of impersonation fraud, which dominated the wider area in 2023, according to Veriff analysis, making up more than 85% of all fraud. Attempts to initiate the verification process using someone else’s physical document or synthetic IDs represented 13.7% of all fraud cases in the year.  

Robust identity verification techniques are essential for companies if they are to strengthen their foundations against new account fraud. An IDV process that ensure that the person doing the verification is real and who they claim to be is essential.  Processes that ensure applicants must put their real face forward (and provide sufficient evidence that they are who they say they are) when they are first creating their account are essential. 

3. Account takeover fraud

Account takeover fraud (ATO) is on the rise. This sees fraudsters gain access to a customer’s account without their permission using a two-step process. 

First, they access the account by deploying stolen information or information they’ve bought. Second, they make non-monetary changes to the account – for example, changing the victim’s personally identifiable information, their password, or requesting a new card – to eventually make unauthorized transactions that appear legitimate. Fraudsters rely on the fact that an established and trusted relationship between a service provider and a customer may well be subject to less rigorous anti-fraud processes. 

ATOs are certainly not new but they are expanding. It is likely we will see an increase in the number of attacks and the various ways that they are carried out. It is a worrying fact that although many companies spend millions preventing other types of fraud, ATOs are not taken as seriously as they perhaps should be. 

4. Social engineering

Social engineering involves criminals attempting to deceive people in order to manipulate them into divulging their personally identifiable information (PII). There is a shift to digital scams from traditional, face-to-face approaches, with fraudsters using fraud such techniques to enhance their credibility, boosted by the capabilities offered by digital technologies. 

When they gain access to this data, the fraudsters can use it for various means: for example, by using personal information like a mother’s maiden name, they can work to trick a mobile phone carrier into transferring a telephone number to their control. 

The worrying thing about this trend is that these scam artists do not have to be expert coders or sophisticated hackers in order to fool their victims. In effect, anyone could try this type of scam, which is why we all must be vigilant.

5. How Veriff can help?

Your business must put the correct detection processes in place to prevent fraud, protect yourself from financial losses, and beat back financial crime. These processes and systems can stop fraudsters before they’re able to access a user’s account and can be used to resist all the major types of account takeover fraud.

If you want to discover more about how our class-leading solutions can help a financial services business like yours, talk to our fraud prevention experts today. We’d love to provide you with a personalized demo showing exactly how our solutions can help keep your business and customers safe. We offer a variety of plans to help you build your defenses and look to the future:

• Veriff Fraud Protect utilizes machine learning-powered checks, advanced fraud network mitigation strategies, and our team of in-house experts to help protect your organization against fraud.
• Fraud Intelligence - Veriff Fraud Intelligence enhances your ability to mitigate threats with enriched insights and a consolidated RiskScore to enable more effective investigation and decision-making.
• Biometric Authentication - Authenticate users promptly and securely across all stages of the user journey, ensuring seamless and stress-free experiences while preventing unauthorized access.