IF YOU’RE EVER on Twitter or Facebook, there’s a chance you’ve seen prompts like: Date yourself with a picture of your first celebrity crush. Tell me your hilarious porn-star name with the name of your first pet and the street you grew up on. Or: Find your medieval name using the date and month of your birth.
Harmless fun, right? Except you’ve possibly given away passwords, answers to security questions, and clues to your age, where you live, and maybe some of your interests — all great leads for fraudsters trawling the web for information to help them crack credit card accounts or fool people into handing over money.
Fraud targeting consumers and transactions online is rising everywhere, and we all need to be smarter about not getting caught out. Banks are running fast to keep up with risks, but they need help from telecoms as well as from internet and social media companies. And legislation may be the only way to encourage their cooperation amid concerns over data privacy and commercial interests.
The UK seems to be one of the biggest targets for crooks, according to experts, in large part because it’s a wealthy country with high adoption of digital services, and English is one of the world’s most commonly spoken languages. More than £750 million ($992 million) was lost to fraud in the first half of 2021 in Britain, up from £582 million in the same period last year, according to UK Finance, a trade body.
This kind of theft was already growing as consumers did more shopping and banking online, but it’s been turbocharged during the COVID-19 pandemic thanks to booming digital transactions and people using more services with which they weren’t familiar. In addition to finding clues in chain-tweets (like the examples above), fraudsters use mass text-messaging (aka smishing), adverts for fake investments or money-mules, impersonation by e-mail and romance scams. There has even been a lockdown boom in fake puppy scams.
Most people think they’re savvy enough to avoid mistakes, but it only takes one second of inattention to create an opening.
Some of the largest losses are suffered when criminals intercept e-mail traffic between companies and suppliers, or between homebuyers and their solicitors. At the last minute, fraudsters will e-mail the buyer from a fake address and give new or corrected bank details. Without keeping a constantly sharp eye in the middle of one of the most stressful transactions of your life, hundreds of thousands of dollars can be gone in a flash.
But even smaller frauds, such as fake offers to buy sought-after sneakers or trick texts saying you’ve missed a parcel delivery, can be the start of your card details being captured and other criminals trying to take you for greater sums, says Jon Shilland, the fraud threat lead for Britain’s National Economic Crime Centre. “That can feed into a recovery-room scam where someone calls you up to say they can help you get your money back, which can lead to the kind of losses that ruin someone’s life,” he says.
Authorities are struggling to combat such scams. Bankers say they need more help from social-media platforms and telecoms to help spot dodgy activity earlier in the process. “We only see the bit where the [money] transfer happens, we don’t see the bit where the customer gets snared,” says Jim Winters, head of fraud at Barclays UK.
What needs to happen is much more cooperation and information sharing among banks themselves but also between banks and all the technology and communications firms involved. In Britain, a new Online Safety law going through parliament has provisions to make companies responsible for policing investment scams and romance scams, but not fraudulent advertising.
The Financial Conduct Authority has been putting pressure on internet companies to better vet their advertisers, but progress has been slow and beefing up the law would help. For instance, Google at least requires any investment company buying search advertising in the UK to prove they are on the regulator’s financial register. But this policy only started in September 2021.
The UK could also do more to promote its e-mail and text reporting services. The more data it collects on scam types and the e-mail addresses and phone numbers used, the more law enforcement will be able to profile threats and thwart them. The Federal Reserve in the US is also trying to get the word out on social media and elsewhere.
Some things are harder, like tracking stolen money, which typically jumps quickly from bank to bank via unwitting money mules. For example, lots of people will respond to some ad, post or WhatsApp or Telegram message offering them a chance to earn cash for just receiving and sending some amount of funds. But doing so can turn them into both money launderers and fraud victims.
To be fair, banks are taking these issues seriously. They’re analyzing reams of data and customer behavior to spot and stop suspicious payments before they happen — everything from payments for unusual goods or in unlikely places, to how you hold your phone or navigate your bank’s website. Out of thousands of alerts a day, among hundreds of thousands of transactions, some customers will get a phone call from a specialist trained to make sure they know where their money is going. People often accept this as a moderate inconvenience and don’t need more than a minute or two’s thought to change their minds, says Elizabeth Ziegler, head of fraud prevention at Lloyds Banking Group.
But getting through to customers can be tougher when there’s emotion involved, such as when someone’s convinced they’re going to make big money, or if they’ve been pressured by criminals impersonating, say, tax authorities or the police, or if they’ve been seduced in a romance scam.
“Customers can be quite irate: ‘I know what I want, who are you to tell me what to do with my money?’ And it is their money,” Ziegler says. “We’re not amateur detectives, or there to provide investment advice. We just need to make sure you are well equipped for this decision.” Despite the checks, some people will still lose their money.
Still, prevention is better than cure: You can’t arrest your way out of a fraud epidemic. There’s too much of it and the criminals can be anywhere in the world. Better data and analytics are key to spotting patterns and sources of attack, but both will involve addressing challenges with data protection and content moderation.
Meanwhile, technology and communication companies will likely prefer to maximize revenue and limit costs when fraud is a small part of what happens on their networks and they’re typically not the ones getting blamed by consumers for scams. But these companies need to do more.
For us, the users of all these things, we’ll need to find the right balance between having slick, easy-to-use digital tools and minimizing the risks that such convenience brings.
Stronger legislation and rules to promote cross-industry cooperation would help. More public digital safety education would, too. But mostly, we all need to stay sharp and stop tweeting whatever song was No. 1 when we were born.