Depiction of fooling fraudsters by foiling phishing smishing and vishing scams

Whether it’s through installing malware via a phishing email, filling out fraudulent forms after receiving a smishing text, or speaking to an “agent” over a vishing call, fraudsters scam unsuspecting individuals into handing over their personally identifiable information (PII). Once criminals have the information, they commit account takeover fraud or authorized push payments fraud

This April Fool’s Day, we’re foiling fraudsters by providing tips for how consumers and financial institutions can protect themselves from phishing in all its forms.

Growth of online platforms and social media create an ideal environment for fraud

Why are phishing and its younger siblings, vishing and smishing, effective ways of facilitating scams? Partly because technology like bots and robocalls make these types of attacks easy to deploy, and easy to scale as the barrier to entry for a fraudster is low (they just need a phone and list of numbers). But the biggest contributor to phishing, smishing, and vishing attacks is the proliferation of online platforms and the information consumers share on social media.

Online platforms increase opportunities for fraud

Five years ago, people went to the movies. Today, they stream movies at home from an online platform. Thanks to the pandemic, grandmothers now shop for groceries online. I don’t think anyone predicted that two years ago! Let’s face it: our lives have fundamentally changed. We’re online all the time.

Think about every part of your life that is conducted online. Bill payment, shopping, social connection, media consumption, banking, and communication, to name a few. 

Now think about all of the accounts you have that fall into each of these categories. Multiple credit cards with multiple financial institutions. Multiple accounts for each social media platform. A plethora of shopping sites. The list goes on and on. Each account stores loads of information about a consumer and is a potential entrypoint for fraud. 

But it’s not just the number of online accounts that’s at issue; it’s also the type of information that people share online.

Sharing personal information on social media fuels fraud

There was recently a trend on Instagram where people shared the name of the cities or towns they were born in, raised in, and currently live in. What a treasure trove for criminals this trend provided! And therein lies the crux of the problem: people freely share their PII on social media. 

Think of all the personal details people share online. When they go on vacation and where. The schools their children go to and how they’re doing at school. Their middle names. It’s not that hard for a fraudster to piece together enough facts about someone to compel them to click on malicious links. 

And as we know, it’s not just emails that fraudsters send. Text messages – smishing – is rife at the moment. I received two smishing attempts myself the other day. First, because it’s the end of the tax year here in the UK, I received one that tried to get me to fill out a form for a tax refund. Half an hour later, I got one saying that my annual TV license payment had been declined and to please click here. No thanks!

Note that scammers don’t have to receive all of a victim’s information in one attack. They can piece together bits of information combined with the details people share on social media to execute the kind of fraud that devastates victims.  

How Consumers and Banks Can Help Stop Phishing, Vishing, and Smishing Attacks to Prevent Fraud

Having worked at a bank myself, I know how fraud can ruin the lives of individuals, families, and companies. The truth is, consumers are the most important defense we have when it comes to stopping scams. 

How Consumers Can Help Prevent Fraud: 

  1. Understand that fraudsters play on fear and anxiety. Your bank or legitimate merchant is never going to scare you or pressure you into taking an action. If an email, text, or call you receive from someone purporting to be from your financial institution plays on your fears or anxiety, take a step back. Disengage from the communication and contact your financial institution at a known and published number or go into the branch or store. Take the time to confirm the legitimacy of the communication you received. 
  2. Be skeptical. Just as the old adage says, if something is too good to be true, it probably is. If someone is offering you 100% return on an investment, it’s probably a scam. Same as being offered a brand new iPhone at a 30% discount – it’s likely to be a fraudulent advert. Do your due diligence and research the offer thoroughly before taking any actions. 

How Banks Can Help Prevent Phishing, Smishing, and Vishing scam: 

  1. Make fraud education interactive. Financial institutions have done a great job at educating customers, and now it’s time to take it to the next level. Consumers are distracted and their attention spans are decreasing. They’ll click right through the warning notice on their banking app without ever reading it. Consider interactive content or games to fully engage your customers so they truly are part of your fraud prevention strategy.
  2. Work with other financial institutions to educate consumers about fraud. Currently, financial institutions don’t regularly work together to educate customers for fraud prevention. Imagine if they joined forces on this initiative. Full-scale customer education marketing campaigns with representation from multiple banks – public service announcements, really – could have a tremendous impact on reducing APP fraud. 
  3. Incorporate behavioral biometrics. Fundamentally, most banks have a good picture of what normal behavior looks like for their customers. Behavioral biometrics takes that picture and projects it in HD. With behavioral biometrics, banks can understand subtle signals that show signs of distress or strange behavior. Feedzai believes so strongly in the power of this technology to prevent fraud, we acquired Revelock. There are of course other providers of behavioral biometrics. The important takeaway is to use this technology in order to build a clearer picture of a consumer’s normal interactions with banking services. 

There is no magic bullet to stop scams and fraud, but there are enormously powerful tools. Consumers are any financial institution’s first line of defense. Educate them early and often. Technology is the next best tool. With behavioral biometrics and machine learning, financial institutions can process, combine, and take action on the multitude of insights they have about each customer to truly detect and prevent fraud. Together, consumers and financial institutions can stop fraudsters from fooling anyone on April Fool’s Day and every day thereafter. 

Download our new eBook Prevent and Detect Payments Fraud with Feedzai to learn some of the common scams fraudsters use to defraud banks and how we can help by providing first-hand experience.