UK Cybercrime Report – July to December 2020
Unique insights highlighting the fraud risks, trends and opportunities in the UK between July – December 2020.
<b>UK CYBERCRIME REPORT:
RISKS, TRENDS AND
OPPORTUNITIES</b>
July to December 2020
As a society, we have become all too familiar with the impact of fraud and cybercrime. Barely a week now passes without news of another tranche of consumer data being stolen, or fraud scams targeting unsuspecting consumers – more so since the start of the pandemic, as opportunistic fraudsters take advantage of the chaos. Personal data is now a valuable commodity and there are many bad actors out there eager to get their hands on it. The situation has become so critical, that in January this year, the Royal United Services Institute (RUSI) declared the global fraud epidemic as a ‘national security threat’.
No individual or organisation is safe from the unwanted attention of fraudsters – consumers, businesses, governments, the NHS, even the security services tasked with protecting us are all targeted by criminals keen to exploit every possible vulnerability for their nefarious gain. Meanwhile, the vast array of technology – phones, watches, tablets and others – that enhance our day-to-day lives with impressive levels of connectivity and convenience, also expose us to additional vulnerabilities, providing criminals with a rich landscape of potential access points through which they can seek out targets. Almost as diverse as our vulnerabilities, are the skills, technology and motivations of the criminals themselves. Remaining vigilant at all times, in all online transactions, has never been more important.
But there is a silver lining, and again, technology is the catalyst. Increasingly, organisations committed to protecting themselves and their customers against the threat of cybercrime and fraud attacks realise they must be armed with the latest data and analytics tools that leverage powerful linking technology to find patterns that can reveal the bad actors. In a tech-driven world, we must fight fire with fire, utilising the most accurate, current insights in order to target anti-fraud efforts most effectively.
Steve Elliot – Managing Director
LexisNexis® Risk Solutions (UK & Ireland)
INTRODUCTION: NEIRA JONES
I have long been a fan of the LexisNexis® Risk Solutions Cybercrime Report, and this edition doesn’t disappoint! With the relentless pace of technology innovation, increasing digitalisation has been our reality for the past few years. Even so, in 2020 digitalisation took on a life of its own. Who knew that a global pandemic would come along to accelerate the trend by a number of years, in a matter of months? Our new normal is one where businesses have struggled to remain afloat, but have also shown an indomitable capacity to innovate in the face of adversity: from bricks and mortar shops switching to online ordering and delivery, to restaurants becoming digital takeaways, and everyone adjusting to the challenges of working from home, all in an unthinkably short space of time. And our behaviours changed too; by necessity rather than choice. Segments of the population traditionally averse to digital interactions, especially those requiring trust such as with financial services, contributed to this trend. This is evidenced by the increase in first-time users of various digital services, most notably in banking and retail.
Unsurprisingly, this environment has become even more conducive to cybercrime and fraud. I was certainly not surprised to see that globally, financial services and eCommerce transactions grew. I was also comforted in the fact that human and bot-initiated attacks on financial services institutions declined, suggesting that security maturity and use of technology to prevent fraud continues to improve overall, in that sector. As the report shows, the favoured attack vectors appear to be identity, device or IP spoofing.
From this, it becomes apparent that financial services regulatory pressures for better identity proofing and authentication have undoubtedly played their part in better protecting that sector. Meanwhile, just as businesses accelerated their digital transformation efforts, modernising infrastructures, increasing automation and cooperation, so did criminals. For a thorough analysis of the cybercrime landscape with clear details on high-risk touch points to help prevent against future attacks, read on!
Neira Jones – Ambassador, Emerging Payments Association
The forced consumer shift to digital channels drove rapid growth in trusted transactions, with an overall decline in attacks on businesses in the LexisNexis® Digital Identity Network®. Growth economies contributed the largest growth in attack volumes. The analysis below represents the full year summary of transaction and attack patterns.
IDENTITY SPOOFING
Most prevalent attack vector
<b>THE UK CYBERCRIME
LANDSCAPE</b>
July to December 2020
UK HIGHLIGHTS: JULY TO DECEMBER 2020
52% OF ATTACKS WERE ON MOBILE DEVICES
HUMAN-INITIATED ATTACKS CONTINUE TO FALL AS BOTS BOOM IN THE UK
Mike Nathan - Senior Director
LexisNexis Risk Solutions
Banks’ ‘mobile-first’ campaigns are beginning to get significant traction in the user bases; in the LexisNexis® Digital Identity Network®, 85% of transactions now originate from a mobile device, with the majority of these transactions coming from people logging in to their accounts. This low friction path, generally using device identification and biometrics, means on average, people log in to their banks 6 days in every 7 days.
On the fraud side, the UK remains a targeted market and reported fraud losses remain at high levels compared to the rest of Europe; this is particularly evidenced for scam fraud, which is often being targeted from fraudulent call centres in South Asia. Despite the large volume of mobile banking events, it remains the most secure channel for online banking, with a 10x lower attack rate than mobile and desktop browsers. The main point of vulnerability of the mobile app remains device registration, compromise here leads to the keys to the kingdom. In terms of how fraudsters have behaved in the UK, there has been a huge increase in the utilisation of scripts and automated bots to test people's compromised credentials. Fraudster tools have become significantly more available on the dark web and mainstream internet, as have 'how-to' videos. Fraudsters seem to have more time to automate their jobs, so when purchasing ‘dumps’ off the internet, they have quick ways to test credentials.
BOT ATTACKS GREW 44% IN THE UK BETWEEN JULY AND DECEMBER 2020
Particularly scripts targeting media organisations and eCommerce.
UNDERSTANDING THE GENERALS BEHIND THE BOT ARMIES
Rebekah Moody – Director
LexisNexis Risk Solutions
Automated bot attacks offer fraudsters the opportunity to mass-test stolen credentials at scale, deploying armies of computers controlled by a general who can minimise effort while maximising gains. Validated credentials offer the chance for the fraudster to make more money, either by selling the credentials for a higher price on the dark web, or using them in a more lucrative attack elsewhere.
They could, for example, form the linchpin to a cleverly engineered financial services scam, making the fraud appear more credible to the victim by arming the fraudster with credentials that “only the bank would know”. Regardless, the UK has seen a growth in the volume of bots that are targeting eCommerce and media organisations’ login journeys, which represents potential risk for all industries.
The eCommerce and media organisations being targeted have to manage a surge in transaction volume that might cripple otherwise finely-tuned online services. They risk not only the validation, but also the further leak, of sensitive customer data. And while financial organisations typically have more robust login protocols, this data leak may provide the missing link that convinces a good customer to fall victim to a carefully composed scam that compromises their bank account.
UK CONSISTENTLY RANKS AS A TOP ATTACK ORIGINATOR
1 |
United States |
2 |
Canada |
3 |
Brazil |
4
|
United Kingdom
|
5 |
Mexico |
6 |
Germany |
7 |
India |
8 |
Saudi Arabia |
9 |
Japan |
10 |
Netherlands |
1 |
United States |
2
|
United Kingdom
|
3 |
Canada |
4 |
Japan |
5 |
Germany |
6 |
Ireland |
7 |
India |
8 |
Brazil |
9 |
Australia |
10 |
Netherlands |
TOP 5 ATTACK DESTINATIONS
FROM THE UK
1
|
United Kingdom
|
2 |
United States |
3 |
Canada |
4 |
Australia |
5 |
Ireland |
THE UK IS AHEAD ON THE TECHNOLOGY CURVE, SENDING FRAUD ATTACKS OVERSEAS
Dan Holmes – Director
LexisNexis Risk Solutions
Adoption of fraud controls at UK institutions are typically different to other regions, with UK businesses often opting for layered defenses rather than relying on a single point solution. This culture has been driven by the high historic and current attack rates, and puts the UK ahead of the global curve in terms of technology utilisation in fraud detection.
A consequence of bolstered controls within our region has seen UK-based attackers start to also target large overseas western economies, such as the U.S. and Australia. With attacks from their own respective nations showing no signs of slowing down, this will increase the pressure on fraud practitioners in these regions, and will demand that controls remain current and effective.
Interestingly, the UK was also responsible for the 2nd largest volume of automated attacks globally. Bots and automated attacks allow fraudsters to perform mass testing across various websites using credentials that they have managed to compromise via a variety of different methods. Automating this testing process means they can remain efficient in their operation, focusing their time on legitimate opportunities to monetise, rather than wasting effort on credentials that are either incorrect or offer very little incentive to burn a mule account or a device.
Farah Nain – Engagement Manager
Fraud and Identity Professional Services
LexisNexis Risk Solutions
We can see that customers are using their mobile devices more than ever to bank and shop online - so why have we seen a decline in attacks from the previous year?
With a high proportion of the world’s population being confined to their homes for most of 2020, there was less opportunity for devices to become vulnerable to attacks from the outside world, such as malicious malware on open/public wi-fi, man-in-the-middle attacks in coffee shops, and even physical theft of mobile devices. There has also been a concerted effort across industries to strengthen their mobile channels, implementing biometric authentication, for example.
FRAUDSTERS LEVERAGE THE POWER OF NETWORKS TO FACILITATE ATTACKS
The Digital Identity Network® continues to record a strong pattern of cross-organisational, cross-industry and even cross-regional fraud.
It’s likely that each network comprises several groups of fraudsters using the same lists of stolen identity data, which are being exploited across regions and industries.
Devices associated with confirmed fraud events are likely tied to the same individual or fraud ring, given that hardware is not shared in the same way as stolen data.
The analysis in this report includes:
-
The key links between devices and stolen identity data, including email addresses and telephone numbers.
-
Transaction volumes that make up the fraudulent networks to illustrate the size and scale of fraudulent behaviour.
-
The assigning of monetary values to the entire fraud network based on known payment transaction amounts.
The Digital Identity Network allows organisations to share intelligence related to confirmed fraud events so that an entity that is marked as high-risk or fraudulent by one organisation, can be reviewed by subsequent organisations before further transactions are processed.
USE OF STOLEN EMAIL ADDRESSES ACROSS ORGANISATIONS HIGHLIGHTS THE IMPORTANCE OF ROBUST EMAIL RISK ASSESSMENT
FOCUSING ON NETWORK ANALYSIS
Michael Brooks – Data Scientist
LexisNexis Risk Solutions
It has been common for years to investigate links to known fraud. The focus now is network analysis to automate and visualise this process, both after the fact and on risky links in near real time too.
The benefit is it is much easier for fraud analysts and operators to spot connections in a network rather than a table. The shape and properties of the network point towards information that is more central to the case, like a fraudster's main device or mule account.
Triggering on the riskiest links in near real time productionises this process for immediate and automatic reviewing of live fraud cases. That's an unprecedented standard of immediacy, coverage and relevancy of fraud intelligence for the UK banks now.
We've seen intelligent fraudsters try to change as much of their digital identity as possible to evade detection, but it only takes one overlap of information anywhere across the Digital Identity Network to join new events to the chain of networked fraud. All that's needed is being deployed on key touchpoints in a user journey; the data unravels the story from there.
SPOTLIGHT: ANALYSING NETWORKED FRAUD ATTACKS LINKED BY DIFFERENT PIECES OF DIGITAL IDENTITY DATA
FRAUD ATTACK
Fraudster using 3 different devices at 3 different banks.
3 fraudulent transactions cannot be linked as there is no common identifier.
ADDING IN ADDITIONAL DATA
Links Device A and B by an email address.
Links Device B and C by telephone number.
BUILDING THIS DIGITAL IDENTITY IN THE DIGITAL IDENTITY NETWORK
An online digital identity can be built in the Digital Identity Network by linking the 3 fraudulent transactions via the email address and telephone number. When any of these individual entities is seen in a new transaction, the history of the digital identity can be checked for fraud.
PREDICTIONS FOR THE YEAR AHEAD:
THE OPPORTUNITY FOR DIGITAL BUSINESSES
With change, huge opportunity often emerges. This opportunity, however, presents itself not just to forward-thinking digital businesses, but also to cybercriminals who can remain just ahead of the technology curve. As organizations continue to merge their digital and physical services, innovating to meet an increasingly diverse consumer base, fraud prevention strategies must keep pace with this evolution, transformation and growth. Without a robust, and layered approach, businesses are opening themselves up to new fraud risks. Fraudsters remain masters of disguise, continually searching out the weakest link under a cloak of legitimacy.
This weakest link may well be those new-to-digital customers who have come online during the pandemic. Younger adults and the older population have been shown to be the most susceptible to fraud attacks. Fraud prevention extends not only to detecting identity spoofing, automated bot attacks and account takeovers, but also to awareness, education and customer messaging that shows all customers how to better spot potential scams. It’s likely that we will continue to see fraudsters preying on pandemic-related anxieties, offering investments that look too good to be true or products that are in hot demand online.
It’s not just new customers that must be protected, however. Trusted, existing customers may be inconvenienced with additional authentication steps as “back to normal” behaviour is potentially flagged as unusual following the unprecedented change that took place in consumer behaviour in 2020. How can organisations ensure that reliable fraud prevention does not mean unnecessary friction for good customers? Regulatory change and economic uncertainty will also merge with this evolving digital landscape:
Open banking platforms will become a key target for fraudsters looking to exploit customer data across accounts. PSD2 in Europe will see fraudsters looking for loopholes and exemptions in tighter fraud defences. Again, good customers may see a change to transaction acceptance rates with the new swathe of authentication strategies that mandate two layers of strong customer authentication (SCA).
It’s likely too that as economies respond to the impact of the pandemic, fraudsters will look to benefit from the downturn via increased mule recruitment, promising consumers fast money in return for use of their bank account to funnel proceeds of crime through global organisations.
eCommerce merchants will likely see a growth in first party fraud as more consumers feel the economic pinch.
CNP FRAUD: THE ONE TO WATCH IN 2021
Kate Dunckley – Solutions Consultant
LexisNexis Risk Solutions
It’s impossible to look back on 2020 without mentioning the impact Covid-19 and the global pandemic has had on the world, especially when talking about cyber fraud trends and behaviours.
Billions of people were pushed further into the digital world nearly overnight. Our lives have changed as we have begun embracing the online citizenship duties that came with this necessary digital transformation. Basic needs like grocery shopping, and little pleasures like beauty products and home décor items, came from online sellers, thus the overall global 38% growth in eCommerce transactions doesn’t come as a surprise to anyone. Additionally, the need for entertainment as an outlet for happiness in the dark times pushed our media consumption up by 9% during the pandemic.
While the digital economy is booming, online transaction volumes are rising, and digital portfolios expanding and improving, so are the cybercriminals. We have seen a 32% growth in automated attacks in the eCommerce world in July-December 2020. Not only that – the UK alone has seen 44% growth in bots during that period. This would suggest that cybercriminals have used the time and invested in developing networks of automated bots that are starting to push the boundaries of security and online traffic management. With a well-developed bot network, a fraudster can do lots of things, but let’s focus on a few:
-
Beat traffic before an average consumer – This happens especially during the time of special releases, like with the Playstation 5 launch.
-
Consoles were available on reseller marketplaces for extortionate prices a day or two after launch – Traditional retailers were out of stock within minutes of the selling window opening.
-
Test a large volume of stolen credentials before they expire – Now, with the significant increase in online activity, especially in media and eCommerce in 2020, there is an expectation of card-not-present (CNP) fraud to be on the rise and that will have an impact on both retailers and issuers – from fraud and loss prevention management, as well as the regulatory perspective.
-
Find a weak spot in digital defences – Obtaining card data is a primary objective of a cyber-attacker targeting merchants, payment processors and eCommerce platforms; thus bot attacks weakening the layers of security are the easy option for gaining access to financial targets.
Once a data breach occurs, it is difficult to stop the avalanche of fraud that follows. Seeing bots on the rise in 2020, CNP fraud will be the one to watch in months to come.
DOWNLOAD THE FULL GLOBAL REPORT
The UK Cybercrime Report is a supplement to the LexisNexis® Risk Solutions Global Cybercrime Report, which is based on cybercrime attacks detected by the LexisNexis® Digital Identity Network® from July – December 2020. From global risks and industry opportunities, to analysing the cybercrime landscape in a pandemic, download your free copy of the global cybercrime report today to learn how to tackle fraud and build trust with genuine customers.