The underlying strategies employed by bad actors to commit online fraud are as old as commerce itself, but the specific tactics used to enact them are constantly evolving. Understanding the full range of threats is the first step towards effectively protecting your business.
Fraud is a growing internet crime in today's increasingly digitized world. It can take many forms. The most common scams are email phishing scams, card fraud for sending money and deepfaking. Fraudsters use various techniques to target government agencies or unsuspecting individuals, often collecting personal information such as email addresses, credit card numbers, and other personally identifiable information.
Fraud schemes can be complex and involve multiple steps, taking advantage of anonymity and tax security practices. In some cases, the fraudster may even sell honest customers’ personal information to other bad actors, who can then use it to commit further crimes. It’s not only honest customers at risk, but also the business owners. Legitimate companies are liable to severe financial, legal, and reputational harm if bad actors can illegitimately target big as well as small businesses’ services, submitting fake invoices for wire transfers, sending genuine-looking checks & forcing businesses to optimize their anti-fraud strategies.
However, fraudsters are always innovating to stay one step ahead, from adopting new behaviors like identity farming to embracing technological advances like deepfake video. As a business, it’s important to keep up to date with the latest fraud trends, but also to understand where they fit in established patterns of criminal behavior that change little over time.
Business fraud can essentially be categorized into four key types: identity fraud, document fraud, technical fraud and recurring fraud.
Attempting to appropriate other people’s identities to bypass security measures is easily the most common form of fraud online, making up over half of all fraudulent activity. The most direct form is impersonation, whereby a fraudster uses somebody else’s likeness, bank accounts, phone numbers or identity documents as if they were their own.
Identity fraud can also take the form of third-party intervention, where a fraudster forces, coerces or dupes someone else to gain access to services on their behalf and demand payment. As identity verification (IDV) technology becomes more sophisticated, third-party techniques involving social engineering (using deception to manipulate individuals into divulging confidential information) are becoming popular again.
As the name suggests, document fraud is the act of altering the information on government-issued IDs or creating fake documents with the aim of defrauding the verification process. Also known as synthetic fraud, this can include the erasure, alteration or substitution of data on the document.
For obvious reasons, synthetic fraud tends to be more prevalent using documents that are less sophisticated in terms of their own security measures and/or from countries where stolen or “borrowed” documents are easier to come by. For example, Veriff’s decline rate for verification sessions using the Philippines national passport is 65.22%, of which 40% are refused due to physical tampering with the document.
Technical fraud involves common scams such as attempting to bypass a set verification process - submitting streamed videos for a supposedly live verification session, or fraudulently accessing sessions that were meant for a separate individual. For instance, gift card scamming is becoming increasingly common phenomenon.
With the rise of AI, the use of deepfakes to overcome security based on facial verification and voice biometrics is an emerging trend in technical fraud and avoiding scams is becoming increasingly difficult.
Once bad actors find a vulnerability that enables them to circumvent security measures, they will tend to replicate it as many times as possible. Often attacks will occur against the same target but involve different real users or a series of synthetic identities. On other occasions the same user will try to get approval multiple times using different documents.
As online security measures become more effective, recurring fraud is being exploited by bad actors as a way to maximize their potential gains from any discovered vulnerability. In fact, recurring fraud increased by almost 47% year on year between 2021 and 2022. However, by crosslinking the data obtained from verification sessions it becomes possible to identify patterns and carry out further investigation to isolate this type of fraudulent behavior.
Fraudsters are constantly finding new ways to surface these four main fraud strategies. The following are just a few examples of recent trends we’ve seen.
Deepfake phishing: The first phishing attacks date back to the commercialization of email in the 1990s, but the potential to create deepfakes using AI threatens to take the technique to a whole new level. Voice impersonation has already been used in highly successful attacks, and it’s likely to be only a matter of time before streaming deepfake video can be used in a similar way.
Identity farming: The tactic of creating one or more fake identities using stolen personal information is becoming increasingly popular and now makes up 9% of all online fraud. Fraudsters from developed countries are often connecting with criminals in poorer locations to obtain stolen or “borrowed” identity documents, or to get them to verify themselves for services for illicit purposes.
Fake job ads: Scammers place a fake job ad on social media claiming to represent a company. Using information from the CVs supplied, the fraudsters then open accounts on the applicant’s behalf. When identity verification is required, fraudsters send magic links to the victim’s email as part of the ‘hiring process’ to try to dupe them into completing the verification process on their behalf.
Veriff will only use the information you provide to share blog updates.
You can unsubscribe at any time. Read our privacy terms