In today’s world, social engineering is at the heart of nearly every cyberattack. Using personal details collected from social media, data breaches, and the dark web, cybercriminals deploy well-crafted schemes with every sign of legitimacy. Even the savviest of individuals and businesses can fall victim to these sophisticated scammers.
To offer further insight into social engineering scams and explore how behavioral biometrics are helping financial institutions prevent them, BioCatch recently released a whitepaper, “Spot The Imposter: Tackling the Rise in Social Engineering Scams.”
What are social engineering scams?
Social engineering scams occur when scammers impersonate trusted officials to con victims out of their money. There are three main types of social engineering scams:
- Information harvesting starts with a communication to a victim, typically via a phishing email or SMS message, that leads the victim to believe they should input their personal data.
- Real-time payment scams can involve many forms of impersonation, from falsely representing a bank official or other trusted organization to romance, investment, and lottery schemes. Some impersonation schemes attempt to elicit an emotional response from a victim that will lead them to initiate a real-time payment.
- Remote access tool (RAT) scams use impersonation schemes to get victims to download software that enables a criminal to take over their device.
A pandemic of social engineering scams
According to the Federal Trade Commission, imposter scams were the top fraud type reported by consumers in 2020. Most of these scams occurred over the phone. In total, American consumers lost nearly $30 billion from imposter scams.
Cybercriminals increasingly shifted toward social engineering scams amid the pandemic. In fact, BioCatch found that 36% of all reported account takeover (ATO) fraud in 2020 came from social engineering scams; 35% of impersonation scams involved amounts greater than $1,000.
The United States isn’t alone in this problem—social engineering scams are growing worldwide. The United Kingdom, for example, is experiencing an increase in impersonation scams. Meanwhile, Australian consumers experienced record losses from social engineering scams in 2020.
Detecting social engineering scams can be challenging because cybercriminals do not interact directly with a banking platform. Instead, they convince the victims themselves to execute a payment. Because the session really does come from the customer, the signals checked by traditional device, IP, and location-based authentication controls will appear genuine. Ultimately, preventing fraud and protecting consumers lies in understanding the co-existence of both traditional online banking fraud and these advanced social engineering scams.
Behavioral biometrics are key to spotting the imposter
What can banks do to detect social engineering scams and protect their customers? The key lies in monitoring customers’ digital behavior.
Cybercriminals have different typing patterns than genuine users. So do genuine users who are acting under the influence of cybercriminals. These subtle differences in digital behavior can help suggest whether a social engineering scam is occurring.
Through extensive data science research, BioCatch has been able to uncover patterns of behavior and work with customers to build advanced risk models. It found that several customer behaviors can offer insight into whether a scam is occurring, including:
- Typing patterns
- Mouse doodling
- Session length
- Payment context
- Active call
For example, a segmented typing pattern may indicate that a cybercriminal is dictating an account number that the victim has been directed to transfer funds into. While segmented typing isn’t always tied to a scam, it is far more likely to occur in a fraudulent situation than a non-fraudulent one: segmented typing occurs in 1 out of every 20 impersonation scams, compared to just 1 out of every 500 genuine sessions.
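As an added illustration (not BioCatch's model and not code from the whitepaper), the sketch below flags segmented typing in the keystroke timestamps of an account-number field and applies the 1-in-20 and 1-in-500 rates quoted above as a Bayes update. The pause thresholds, the 0.1% prior, and the sample timings are assumptions constructed for the example.

```python
from statistics import median

# Rates quoted in the article for segmented typing.
P_SEG_GIVEN_SCAM = 1 / 20
P_SEG_GIVEN_GENUINE = 1 / 500

def split_segments(key_times_ms, pause_factor=4.0, min_pause_ms=1500):
    """Split keystroke timestamps into bursts separated by long pauses.

    Assumed rule: a gap is a pause when it exceeds both min_pause_ms and
    pause_factor times the session's median inter-key gap.
    """
    gaps = [b - a for a, b in zip(key_times_ms, key_times_ms[1:])]
    if not gaps:
        return [list(key_times_ms)]
    cutoff = max(min_pause_ms, pause_factor * median(gaps))
    segments, current = [], [key_times_ms[0]]
    for t, gap in zip(key_times_ms[1:], gaps):
        if gap > cutoff:
            segments.append(current)
            current = []
        current.append(t)
    segments.append(current)
    return segments

def is_segmented(key_times_ms, min_segments=3):
    """Several multi-key bursts suggest digits arriving in dictated chunks.

    One long pause (a distracted user) yields two segments and is not flagged.
    """
    segs = split_segments(key_times_ms)
    return len(segs) >= min_segments and all(len(s) >= 2 for s in segs)

def scam_posterior(prior, segmented):
    """Update P(scam) for a session given the segmented-typing observation."""
    if segmented:
        l_scam, l_gen = P_SEG_GIVEN_SCAM, P_SEG_GIVEN_GENUINE
    else:
        l_scam, l_gen = 1 - P_SEG_GIVEN_SCAM, 1 - P_SEG_GIVEN_GENUINE
    num = l_scam * prior
    return num / (num + l_gen * (1 - prior))

# Constructed samples: key-down times (ms) for a 12-digit account number.
FLUENT = [0, 180, 350, 540, 700, 890, 1060, 1250, 1420, 1600, 1780, 1950]
DICTATED = [0, 400, 820, 1210, 4300, 4710, 5100, 5530, 8700, 9080, 9500, 9910]
ONE_PAUSE = [0, 180, 350, 540, 700, 890, 9000, 9180, 9350, 9530, 9700, 9880]
ASSUMED_PRIOR = 0.001  # assumed base rate of scam sessions, not from the article

if __name__ == "__main__":
    for name, times in (("fluent", FLUENT), ("dictated", DICTATED), ("one pause", ONE_PAUSE)):
        seg = is_segmented(times)
        print(f"{name}: segmented={seg} P(scam)={scam_posterior(ASSUMED_PRIOR, seg):.4f}")
```

With the assumed prior, the 25-to-1 likelihood ratio lifts a flagged session to only about 2.4%, which is why this signal is combined with the others listed above rather than used alone.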
By analyzing digital behavior patterns, organizations can glean a wealth of data to flag potentially fraudulent activity and stop imposters in their tracks.