Peter Taylor Reports for Phronesis Technologies

The rise of the smartphone

95% of households in the United Kingdom own a mobile phone, with 68% of individuals utilising mobile banking and mobile devices responsible for 50% of all online retailing. According to Business Insider, security features are the No.1 priority for consumers.

Fraudsters are intelligent, organised, and skilled, utilising methods previously discussed to appear like genuine consumers. So, how do you stay safe? A good starting point is to consider the viewpoint of an individual mobile phone owner – whether that is yourself, your customers, your employees and so on. Each phone, and its associated account, needs to be regularly verified, and protected.

Another point to consider is the false assumption that smartphones are impenetrable to malware. Whilst they do not spread viruses in the traditional sense, they still carry the risk of other malware. In September 2019 there were 335 million installations of 172 Android Apps that contained some form of malware or malicious code, via Google Play. In addition, around 50% of mobile phones have no protection – bespoke systems are out there, and for good practice, should be utilised.

Technology to the rescue

There is a silver lining to the potential threats posed by mobile phones, and their increasing use, in both our personal and professional lives. Improving data sources mean that a device can be checked, to ensure that it is in legitimate hands and has not been compromised. Strangely, many organisations do not utilise software specifically designed to verify that a phone number is genuine, belongs to the expected individual and has the expected SIM and device ID, despite robust solutions being readily available. This is particularly true of SMEs. These checks do not just assist with fraud prevention, but also with curating a positive customer experience and a reputation for security. Remember: security was voted the No.1 priority for consumers by Business Insider.

Good fraud prevention strategies are not only essential, but also cost-effective – with 2021 set to be another record-breaking year for fraud, organised cybercriminals will be searching for weak links – do not let your company make their list! Contact Phronesis Technologies for further information today.

Peter Taylor is an accomplished and distinguished fraud expert and investigator. He began his career with Greater Manchester Police, before obtaining the position of Head of Fraud for Major Loss Adjusters. Since founding a consultancy firm, Peter has expanded his areas of expertise and is a cross-industry specialist in cybercrime and counter-fraud measures.

As Phronesis continues to expand, now offering our Mobile Identity and Fraud Prevention services directly to enterprise, we wanted to commission research into cybercrime, and the many facets within, to both add to our understanding, and to share with our growing network of partners, clients, followers, and of course to those who generally operate in the sector.

Sponsored by Phronesis Technologies Limited.

Edits and afterword by Toni Pickering

References:

https://dataprot.net/statistics/antivirus-statistics/#:~:text=8.,are%20protected%20by%20an%20antivirus.&text=Antivirus%20install%20share%20statistics%20definitely,antivirus%20protection%20on%20their%20devices
https://www.outerboxdesign.com/web-design-articles/mobile-ecommerce-statistics
https://www.statista.com/statistics/289167/mobile-phone-penetration-in-the-uk/
https://www.businessinsider.com/uk-mobile-banking-survey-2020?r=US&IR=T

Peter Taylor Reports for Phronesis Technologies

The ‘new’ kid on the block?

Let's be clear, account takeover (ATO) fraud is not new – ATO fraud has been a concern for companies, particularly online retailers, for over a decade. Simply put, ATO is essentially online identity theft – cybercriminals gain access to an account that does not belong to them, before using this unauthorised access to carry out illicit transactions. For example, they may use your account to purchase items, or lock you out of your account before selling it on to other fraudsters.

However, having recently released their 2020 Digital Trust & Safety Index, Sift, the payment fraud solutions company, have revealed that instances of recorded ATO attacks have vastly increased – by 282% between Q2 2019 and Q2 2020. This is largely believed to be due to a rise in digital business and online shopping since the COVID-19 outbreak. Similarly, the number of stolen credentials for sale on the dark web has increased by a huge 300%.

Committing the Fraud

Numerous methods of obtaining personal details exist. Fraudsters can hack computer systems, breaching their defences to steal data, use malware to obtain vital information or coerce a potential victim into directly providing the information needed, through social engineering. Even simpler, many cybercriminals simply purchase already stolen credentials, from an insider, or on the dark web.

Once credentials have been obtained, a document known as ‘fullz’, also available on the dark web, is utilised. Fullz (full or partial) can enable fraudsters to input the data they are currently in possession of and search both illegal and legal websites to find any missing information. Social media sites are among those scoured – highlighting a sinister significance to the various data-input activities regularly undertaken by their users. Details in high demand include mother’s maiden name, commonly used aliases, vehicle details, previous addresses, driving licence details, national insurance/social security numbers, pay slip data, and of course passwords (particularly banking). These crucial snippets greatly help would-be fraudsters circumvent even the best additional security checks. Fullz documents can even be purchased with an included credit check on an intended victim. This small upgrade increases a fraudster’s chances of being accepted for credit on behalf of a potential victim.

Once in possession of various personal details, fraudsters can undertake various types of illegal activities. For example, they could impersonate their victim to open a new line of credit. Thorough criminals will change account details, e.g., address and email address, to delay detection. During this window of activity, most fraudsters open numerous accounts, also likely undertaking other types of fraud using the same identity. If a card has been stolen, but the PIN is not known, fraudsters will make use of online retailers. Providing they have the billing address, most retailers will not stop such transactions until the card is reported lost or stolen. To combat this, multi-factor authentication and ‘Verified by Visa’ are now in common use as second-tier authorisation. However, if, through methods previously discussed, the criminal has identified the password or even the victim’s D.O.B, they can often still circumvent 3D Secure or be granted permissions to change aspects of the account they do not have access to. Furthermore, I have it on good authority that a large proportion of the public have not actually set up multi-factor authentication. As a result, criminals exploit this gap and continue to make fraudulent purchases, some even going as far as setting up the service themselves, on behalf of the victim. This facilitates large purchases, easily passing the second-tier authorisation and providing access to services such as transferring money.

Fighting Back

Organised fraudsters use strict controls, enabling them to hide in the shadows. Often using permanent locations, operating out of sight, they have clear goals and organised, ever-evolving strategies. To combat fraud, I suggest focusing on four key areas:

In addition to the financial cost of ATO fraud, it also presents a real threat to brand loyalty. Over 56% of customers surveyed by Sift said that if they discovered that their personal data had been compromised, they would stop doing business with the breached site and choose another provider.

Fraud prevention and early detection are paramount – ATO criminals are educated, organised and experienced, and are as focused on ROI as any other revenue-generating business. However, if an organisation presents robust systems and a zero-tolerance policy, and regularly rebuffs criminals attempting to fraudulently obtain money or other assets from its customers, those criminals will likely move on to a target who is easier to compromise.

References:

https://pages.sift.com/cs-2020-the-paypers-digital-trust-and-safety-fraud-index.html
https://www.theabi.org.uk/news/account-takeover-fraud-losses-total-billions-across-online-retailers

Peter Taylor Reports for Phronesis Technologies

The Ultimate Convenience

With an estimated 55.5 million users, smartphones are all but ubiquitous in the UK, with 96% of those aged between 16 – 34 and 91% of those aged between 35 – 54 owning a device. Changing phones, or upgrading contracts is relatively straightforward, and consumers can transfer all their data during this process. To legitimately undertake this process, you need to notify your mobile operator provider, providing your Mobile Identification Number (MIN) and obtaining a Porting Authorisation Code (PAC). This transfer is called a Subscriber Identity Module (SIM) Swap.

An Attractive Prospect

It is estimated that more than 50,000 legitimate SIM Swaps occur every day. Unfortunately, this volume of transactions attracts fraudsters, who can easily hide in the background.

Unsurprisingly, being able to take over a mobile phone, as a way of undertaking account takeover on numerous types of accounts e.g., banking, is an attractive prospect. The easiest way to take ownership of a SIM is to fool its associated mobile provider into believing that the authorised account holder is making a genuine request. Numerous techniques to obtain log-in credentials for operators exist, including spoof log-in portals that steal the credentials entered into them. See below for an example impersonation of Verizon. As mentioned in our previous article, details can also be purchased on the dark web.

Another way to steal credentials is to physically impersonate a victim. As part of my investigation, I interviewed a reformed fraudster, who recounted his personal experience with SIM swap fraud.

‘I started on a small scale, selecting victims whose details and phone number I already knew. I then obtained a forged driving licence and utility bill before visiting a store to buy a handset. With this new handset I would do a SIM swap, porting my victim’s data onto it, and into my possession’.

Though this approach is limited, as he would have to physically resemble his victim, he added that he would often ‘find out who worked in the store and research them beforehand; offering a bribe or finding information which I could later blackmail them with’.

The ongoing COVID-19 pandemic has thankfully stopped this approach. However, another interviewee admitted that it ‘was not a problem’. This former cybercriminal admitted that organised gangs conduct extremely thorough research on network operators, testing systems and obtaining policies for the issuing of PACs and MINs. Information on companies (whether they are easy to crack or not) is readily available on the dark web. He went on to explain that, through ‘spoof’ messages to customers or by contacting providers and utilising previously obtained information about company policies (e.g., what security checks are favoured), fraudsters have adapted quickly and effectively.

An Unstoppable Force?

In a recent study by Princeton University, it was estimated that 4 in 5 SIM swap fraud attempts are successful. Having asked a specialist colleague to investigate this on the dark web, over a period of 15 days they found the following adverts.

The level of research and organisation undertaken by cybercriminals is clearly underestimated. As are the pieces of information that could enable them to swap your SIM.

So, what are they after?

– Personal and Work email account information (to intercept 2FA)

– Text messages (to intercept 2FA)

– Bank account / credit card account information

– Access to bitcoin and other cryptocurrency wallets

– Apple Pay / PayPal account details

– Other personal information, e.g., secret question, preferred password, D.O.B

Fight Back

As reliance on smartphones has increased, now is the time to check your security measures, and those of your family, friends, colleagues, staff, and customers.

Contact Phronesis Technologies today to discuss their specific SIM swap fraud detection services – they can ensure that, in real time, the SIM and device ID are as expected and that no porting or call-forwarding settings have been activated. They can also check that other personal details, e.g., address, are correct.

References:

https://www.statista.com/topics/4606/uk-smartphone-market/#:~:text=With%20an%20estimated%2055.5%20million,smartphone%20shipments%20around%20the%20world
https://www.statista.com/statistics/387184/number-of-mobile-phones-per-household-in-the-uk/#:~:text=In%202017%2C%20there%20were%2079.17,population%20of%2066.04%20million%20inhabitants

Four-fifths of SIM-swap fraud attempts successful (computerweekly.com)

Peter Taylor Reports for Phronesis Technologies

Series Introduction

In 2017 I started research into organised cybercrime. As part of these investigations, which later resulted in this series, as well as numerous others, I spoke to reformed fraudsters. During these exchanges I learned how they committed fraud, how fraud has evolved, particularly since the COVID pandemic began, and what effect it had on victims. I also frequented sites on the dark web, obtained copies of fraud ‘manuals’ and examined what was openly being bought and sold.

My findings have since been shared with law enforcement, fraud solutions providers, finance companies, online retailers, and numerous other organisations.

In 2020, Phronesis Technologies invited me to re-visit my research and to provide updated information, to share with other like-minded individuals, in the combined fight against fraud. As it turns out, it was perfect timing, as the global pandemic that is COVID-19 caused fraud to increase exponentially. The resulting five-part article series includes: Cybercrime, The Identity Arms Race, SIM Swap Fraud, Account Takeover and Mobile Phone Security.

Keep your enemies close

A fraud investigator’s knowledge often originates after catching a fraudster and having their techniques revealed. Conversely, a fraudster’s knowledge comes from how they were able to commit a fraud unbeknownst to the victim and law enforcement. Only when we combine both sides of the coin can we see the full picture, and identify opportunities to close gaps.

The fraudster toolkit

Professional fraudsters use strict controls, commonly referred to as OPSEC (Operations Security) to remain hidden. Part of this process is creation of a fixed, permanent secure location – gone are the days of the infamous internet café residing criminals!

Regarding devices, laptops are preferred, due to their ease of transportation. Accompanying this will often be a burner mobile phone, on a PAYG service. The use of VPNs is essential, ensuring that they cannot be tracked back to their own ISP-assigned IP address. However, VPNs are not 100% reliable – this protection can sometimes be lost, providing a weakness that can be exploited when considering fraud prevention techniques.

Organised cybercriminals utilise free email addresses to undertake transactions and applications. However, these email addresses will have little, or even zero history – this, if noted by an organisation, can also be a potential weakness. If transactions include software protection that can identify social media accounts associated with an email address, the fraudster could face further problems conducting their ‘work’.

Tips and tricks

Through the combination of knowledge from investigators and fraudsters themselves, as well as specific product knowledge, robust and innovative anti-fraud solutions can be identified and created. Yet, despite our understanding of the topic, and an admirable show of community spirit, organisations still need better research, training, auditing, investigative techniques, and advice, with regards to fraud.

This includes, but is not limited to:

– Financial Institutions, e.g., banks, insurers, building societies, lenders

– Online retailers

– Aggregators

– Claims Companies

– Technology Providers

Collaboration and sharing of data / findings is crucial, as is the need to ensure that whilst customer satisfaction through frictionless services is important, it must not come at the cost of encouraging, or even allowing, fraud. After all, if a customer is the victim of an attack courtesy of a company, they are likely to use a competitor going forward. Therefore, fraud prevention and early detection are beneficial to all.

Most cybercriminals are well-versed in which companies, or even industries, are easy targets – do not let your organisation be one of them! Invest in robust fraud prevention / enhanced KYC solutions and ensure all potential areas of weakness are counter-acted by specific solutions.

Peter Taylor Reports for Phronesis Technologies

The Fraud Epidemic

Fraud is now the most common crime in England and Wales. In 2018, there were 3,979,000 reported cases, worth an estimated £193 billion. Since the COVID-19 outbreak, it is estimated that cases of fraud have increased exponentially, by around 400%. Whilst the exact impact will not be measurable for some time, it is presumed that this increase will cost (globally) around $5 Trillion / annum.

Utilizing immersive research, I have written numerous articles on the different aspects, and types, of fraud. However, as a precursor, it is important to know, or to be reminded of, how the web operates.

Into the Spider’s Lair

The web is often broken down into three areas: The bright web / surface web, the deep web, and the dark web. The bright web is that which most of us use when accessing the internet, often via search engines. This part of the web is visible to all and is subject to regulation. The deep web refers to all web areas not accessible to the public, for example, government sites and archives. Only accessed via the TOR (The Onion Router) browser or other specific platforms, the dark web is not visible to all, does not have search engines and is not regulated. Subsequently, it is rife with criminal activities, including the hosting of marketplaces in which criminals can buy and sell crime as a service. In these marketplaces various personal information, e.g., bank account details, credit card details, passport details, driving licenses, social security numbers and SIM ID can be bought and sold. This is in addition to the more commonly thought of black-market goods, such as guns, drugs, and even people.

As part of my investigation, I intercepted an example of a conversation regarding SIM swap fraud. SIM swap fraud is on the rise (but more on that to come soon) – are you adequately protecting your organisation against it? Contact Phronesis Technologies today to discuss their specific SIM swap fraud detection services – they can ensure that, in real time, the SIM and device ID are as expected and that no porting or call-forwarding settings have been activated.

References: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

Peter Taylor Reports for Phronesis Technologies

Zombies, Clones and Synths

Identity theft is a term understood by many. It involves a criminal assuming our identity to undertake activities such as opening new lines of credit or simply stealing money from our bank accounts. According to Forbes, 69% of all fraud is identity fraud. Three popular techniques are employed by fraudsters to commit identity fraud: zombies, clones, and synths.

‘Clones’ are the most common type of identity thieves. By simply passing themselves off as their victim, they can take over bank accounts, open new lines of credit and draw benefits, until the victim or their bank becomes aware. Personal data which enables this, including Name, Address, DOB, Bank Account Details, and even PINs, can be purchased on the dark web, as previously discussed.

‘Zombies’ refers to the stolen identities of inactive (with regards to using credit, social security, etc) individuals. This inactivity could be due to an individual emigrating, or sadly, due to being deceased. In the UK, a National Insurance (NI) number is issued shortly after a birth is registered, released to the individual when they reach the working age. The combination of a name and NI is often sufficient to be accepted as identification, which can be built upon with other documentation to apply for driving licenses, bank accounts, credit cards and so on.

With regards to the criminal underworld, synthetic identities are a comparatively new way of committing fraud. In this type of identity theft, fraudsters create a completely synthetic identity and allow time to pass, so it can be ‘aged’ and used for future fraud. In some cases, it has been found that fraudsters have waited several years to enact their plans. It is estimated that there are around 1 million such identities currently in use in the USA and 200,000 in the UK. It is assumed that many fraudsters have switched to this method to avoid the ‘Russian roulette’ of buying identities online, only to discover that the associated credit rating is poor, limiting the ability to exploit the victim, and thereby minimising ROI. By creating their own identities, criminals can ensure that they perfectly ‘fit’ their intended fraudulent activities, often creating associated fake email addresses and social media profiles and applying for credit (which is normally rejected) to build up enough of a persona that they can then be successfully accepted by banks, online retailers etc. It seems quite paradoxical that through the rejection of credit, a credit score for a synthetic identity can be created! According to Forbes, around 20% of identity fraud is synthetic fraud. Insurers have also reported seeing rises in instances of synthetic accounts purchasing motor policies, urging consumers to be vigilant.

As COVID-19 keeps us reliant on digital interactions, it is essential that you verify all aspects of an identity, and that they belong to a genuine person.

In need of more robust authentication services? Phronesis Technologies can help you ascertain the true identity of an individual, utilising data stored by the top 4 UK mobile operators. Contact them for further information.

References: Synthetic Identity Theft Still Growing In Automotive, Just Not As Fast, TransUnion Says (forbes.com)

3D-Secure v2 and the problem with 2FA

3D Secure (3-Domain Secure) was introduced by the PCI as a security standard for online transactions. Backed by Visa, Mastercard, American Express, UnionPay, Discover and JCB, the protocol was designed specifically as an extra layer of security for card-not-present transactions online. You may know it in the form of “Verified by Visa” and “MasterCard SecureCode” – the box that pops up when you complete a purchase online.

Fraudsters are targeting card-not-present transactions. Consumers still tend to pick easy-to-remember passwords, and these are simple for fraudsters to breach.

Version 1.0 of 3D Secure did improve security, but at the expense of the customer experience. The system authenticates cardholder information, usually requesting a password or PIN. These extra steps in the process are not a great experience, and the service is only available in browser-based transactions. This leads to a more frustrating customer experience, and a tangible drop in sales conversions (users simply cannot complete the transaction, or give up when they cannot remember their password).

Version 2.0 of 3D Secure has been introduced. The aim of the new standard is to further secure these transactions, whilst at the same time improving the customer experience, and adding mobile applications into the mix. The system now allows for replacements to passwords such as:

1. Biometric identification – face, fingerprint or voice recognition

2. 2FA (2 Factor Authentication) – using a username and password, but also something the user has unique access to, for instance a phone.

3. Risk-based authentication – allows issuers to make decisions based on additional data about the transaction, merchant and cardholder

The introduction of 3D Secure Version 2.0 will bring about stronger authentication, mobile transactions and an improved user experience.

However, Phronesis believes there are still some improvements that can be made. As an example, 2FA still has the potential to be intercepted and falsified by fraudsters due to the nature of SMS and email as the communications medium.

SOLUTION

Organisations implementing 3D Secure v2.0 standards will need to consider a number of elements during rollout. Phronesis has designed a number of solutions that will enhance and simplify the implementation:

1. When using 2FA, our Communicate product can run additional checks on the SMS or email to ensure that the phone has not been subject to a recent SIM swap, or Call Forward event, and then validate the 2FA message.

2. For Risk-based authentication, our Assure product uses our proprietary Network Biometrics™ to determine if the customer is real, live and active and not subject to an account or device change and is acting with expected usage behaviours.

3. For lower level risk transactions, our Discover product offers a simple, fast and non-invasive validation. For higher level risk transactions, our unique Acidity Score™ adds an extra level of authentication and conducts a greater range of checks and validations.
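
The pre-send check described in item 1, sketched as an added example (this is not Phronesis code or any operator's API): before an SMS one-time code is sent, the line's signals are checked for a recent SIM swap or port, active call forwarding, or an unexpected device ID. The `LineSignals` and `Enrolment` fields, the 72-hour window, the decision names and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional, Tuple


class Decision(Enum):
    SEND_SMS = "send_sms"   # the SMS code may be sent
    STEP_UP = "step_up"     # use a factor that does not depend on the SIM
    BLOCK = "block"         # refuse and route to manual review


@dataclass(frozen=True)
class LineSignals:
    """Hypothetical result of an operator lookup for one phone number."""
    msisdn: str
    last_sim_change: Optional[datetime]     # None = lookup returned no data
    last_port: Optional[datetime]           # None = number never ported
    call_forwarding_active: Optional[bool]  # None = lookup returned no data
    device_id: Optional[str]                # None = lookup returned no data


@dataclass(frozen=True)
class Enrolment:
    """What the organisation recorded when the customer registered the phone."""
    msisdn: str
    device_id: str
    enrolled_at: datetime


RECENT = timedelta(hours=72)  # assumed policy window, not taken from the article


def _recent(event: Optional[datetime], enrolled_at: datetime, now: datetime) -> bool:
    # A SIM change made before enrolment is the SIM the customer enrolled with,
    # so only events after enrolment and inside the window count.
    return event is not None and event > enrolled_at and now - event <= RECENT


def gate_sms_otp(enrolment: Enrolment, signals: LineSignals, now: datetime,
                 high_value: bool) -> Tuple[Decision, List[str]]:
    """Decide whether an SMS one-time code can be trusted for this transaction."""
    if signals.msisdn != enrolment.msisdn:
        raise ValueError("signals are for a different number")
    reasons: List[str] = []
    # Fail closed: missing signals are treated as a reason not to rely on SMS.
    if signals.last_sim_change is None or signals.call_forwarding_active is None:
        reasons.append("signals_unavailable")
    if _recent(signals.last_sim_change, enrolment.enrolled_at, now):
        reasons.append("recent_sim_swap")
    if _recent(signals.last_port, enrolment.enrolled_at, now):
        reasons.append("recent_port")
    if signals.call_forwarding_active:
        reasons.append("call_forwarding_active")
    if signals.device_id is not None and signals.device_id != enrolment.device_id:
        reasons.append("device_changed")

    if not reasons:
        return Decision.SEND_SMS, reasons
    takeover = {"recent_sim_swap", "recent_port", "call_forwarding_active"}
    if high_value and takeover.intersection(reasons):
        return Decision.BLOCK, reasons
    return Decision.STEP_UP, reasons


# Constructed sample data; the number is from a range reserved for fiction.
NOW = datetime(2021, 3, 1, 12, 0, tzinfo=timezone.utc)
CUSTOMER = Enrolment("+447700900123", "device-A", NOW - timedelta(days=200))
CLEAN = LineSignals(CUSTOMER.msisdn, NOW - timedelta(days=400), None, False, "device-A")
SWAPPED = LineSignals(CUSTOMER.msisdn, NOW - timedelta(hours=5), None, False, "device-B")

if __name__ == "__main__":
    for name, sig in (("clean", CLEAN), ("swapped", SWAPPED)):
        decision, why = gate_sms_otp(CUSTOMER, sig, NOW, high_value=True)
        print(name, decision.value, why)
```

A blocked or stepped-up request should fall back to a factor that does not travel over the phone number, since a swapped SIM would receive any re-sent code as well.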

Customers such as banks and merchants introducing 3D Secure v2.0 standards in partnership with Phronesis will achieve faster, easier and more certain results.

For more information on how Phronesis can help with 3D Secure and 2FA enhancements, please visit www.phronesis.net or contact +447539272271.