Fake it till you make it? Financial fraudsters are setting up fake websites and posing as financial consultants from call centers.
Late last month, Bulgarian police took down a financial crime ring that was responsible for stealing at least €10 million. Experts say that this could be happening here, too, targeting financial customers.
According to CSC’s Domain Security Report, “Internet fraud is typically targeted, using a variety of threat vector forms, and is a systemic issue,” said Ihab Shraim, chief technology officer, Digital Brand Services at CSC.
“These threat vectors start with a fraudulent domain containing a look-alike brand name, and then plaguing businesses and consumers with fraudulent offers launched via a variety of attacks such as phishing, brand counterfeits, malware downloaders (e.g. ransomware), and the recent rise of lethal attacks combining several threat vectors simultaneously,” said Shraim. “Bad actors use all available platforms to include search engine results, app stores, social media, email, and marketplaces to carry on these scam campaigns.”
Clark Frogley, Americas head of financial crime solutions at Quantexa, said, “Organized crime is getting smarter and more sophisticated every day. They know people are hearing about skyrocketing cryptocurrencies, or real estate investments and they know they can play to most people’s desire to make 'easy' money.”
Frogley said the Bulgarian financial fraud ring is an example of a social engineering fraud, “where the bad actors set up just enough infrastructure, in this case a call center, to pass brief inquiries by the victims. The bad actors simply make empty promises to get you to send in some money.
“No matter how many times we try and communicate the risk of these types of operations, people fall victim to the same types of scams,” Frogley said, adding that “above average gains in a publicly available investment should always raise red flags.”
Frogley suggested that financial customers “do some research before you invest.” Consider: How long has the company been around? Do they have a website that shows up in a Google search? Is there anything other than what they provide to you that you can use to verify information about them?
And, Frogley said, “Never provide any personal information until you are sure. Do not succumb to pressure selling to hurry and send money or you will miss out. That is always bogus.”
Michael DeBolt, chief intelligence officer at Intel 471, said that, “while not as high profile as ransomware cartels or network access merchants, call centers do have their own enclave inside the larger cybercrime landscape, providing essential services to cybercriminals engaged in many different types of nefarious activities.
“While not as reliant on technical prowess to conduct their crimes, the social engineering tactics used to steal money, information or both from organizations are a sought-after pay-for-service amongst the cybercrime underground, especially for non-native English language actors,” said DeBolt. “We've seen call centers employed for various purposes ranging from spoofed calls to financial institutions in an attempt to gain access to a victim's account, to partnerships between call centers and ransomware actors to make phone calls and to induce fear into an attacked organization, in the hopes that they will increase the pressure against organizations into paying a ransom.”