Account takeover incidents up by 20% in 2020: Report
The account takeover incidents increased by 20 per cent in 2020 compared to previous year and every second, fraudulent transaction in the finance industry was an account takeover last year, a new report said on Sunday.
According to anonymised statistics of events detected by Kaspersky Fraud Prevention from January to December 2020, the share of such incidents increased from 34 per cent in 2019 to 54 percent in 2020.
Two schemes to get access to a bank account -- ‘the rescuer' and ‘the investor' -- remain among the most common since 2019.
"We believe that solutions for the financial industry should provide a high level of security measures - including protection against fraud - which are seamlessly integrated into the user experience," said Claire Hatcher, Head of Business Development, Kaspersky Fraud Prevention.
"It is worth regularly reminding clients about fraudsters' techniques, so that they are likely to notice something".
The importance of digital financial services and e-commerce increased in 2020 with people spending more time at home as a result of the pandemic.
Kaspersky experts suggested that it caused a spike in social engineering techniques being exploited by cybercriminals.
"In addition to the rise of successful account takeovers, in 12 per cent of fraudulent incidents, legitimate remote administration tools (RAT) such as TeamViewer were misused in an attempt to gain access to user accounts," the findings showed.
The Kaspersky Fraud Prevention team distinguished that there were two common types of approach used by attackers to obtain access to accounts.
The first tactic sees scammers masquerade as ‘the rescuer', where they pretend to be security experts and act out scenarios to ‘save' users.
The second example is where cybercriminals act as ‘the investor'. This scenario involves fraudsters posing as employees of an investment company, or as investment consultants from a bank.
"They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client's account, without having to go to a bank branch," the report said.