PAUL J DAVIES: Fortunes lost as pandemic fuels scammers’ social media games
Disclosing answers to security questions provides leads for fraudsters trawling the web for personal information
If you are ever on Twitter or Facebook, there is a chance you have seen prompts such as: Date yourself with a picture of your first celebrity crush. Tell me your hilarious porn-star name with the name of your first pet and the street you grew up on. Or: Find your medieval name using the date and month of your birth.
Harmless fun, right? Except you have possibly given away passwords, answers to security questions and clues to your age, where you live and maybe some of your interests — all great leads for fraudsters trawling the web for information to help them crack credit card accounts or fool people into handing over money.
Fraud targeting consumers and transactions online is rising everywhere, and we all need to be smarter about not getting caught out. Banks are running fast to keep up with risks, but they need help from telecom as well as from internet and social media companies. And legislation may be the only way to encourage their co-operation amid concerns over data privacy and commercial interests.
The UK seems to be one of the biggest targets for crooks, according to experts, in large part because it is a wealthy country with high adoption of digital services, and English is one of the world’s most commonly spoken languages. More than £750m was lost to fraud in the first half of 2021 in Britain, up from £582m in the same period last year, according to UK Finance, a trade body.
This kind of theft was already growing as consumers did more shopping and banking online, but it has been turbocharged during the Covid-19 pandemic thanks to booming digital transactions and people using more services with which they weren’t familiar. In addition to finding clues in chain-tweets (such as the examples above), fraudsters use mass text-messaging (aka smishing), adverts for fake investments or money-mules, impersonation by email and romance scams. There has even been a lockdown boom in fake puppy scams.
Most people think they are savvy enough to avoid mistakes, but it only takes one second of inattention to create an opening.
Most people think they are savvy enough to avoid mistakes, but it only takes one second of inattention to create an opening
Some of the largest losses are suffered when criminals intercept email traffic between companies and suppliers, or between homebuyers and their solicitors. At the last minute, fraudsters will email the buyer from a fake address and give new or corrected bank details. Without keeping a constantly sharp eye in the middle of one of the most stressful transactions of your life, hundreds of thousands of dollars can be gone in a flash.
But even smaller frauds, such as fake offers to buy sought-after sneakers or trick texts saying you have missed a parcel delivery, can be the start of your card details being captured and other criminals trying to take you for greater sums, says Jon Shilland, the fraud threat lead for Britain’s National Economic Crime Centre. “That can feed into a recovery-room scam where someone calls you up to say they can help you get your money back, which can lead to the kind of losses that ruin someone’s life,” he says.
Authorities are struggling to combat such scams. Bankers say they need more help from social-media platforms and telecom to help spot dodgy activity earlier in the process. “We only see the bit where the [money] transfer happens; we don’t see the bit where the customer gets snared,” says Jim Winters, head of fraud at Barclays UK.
What needs to happen is much more co-operation and information sharing among banks themselves but also between banks and all the technology and communications firms involved. In Britain, a new Online Safety law going through parliament has provisions to make companies responsible for policing investment scams and romance scams, but not fraudulent advertising.
The Financial Conduct Authority has been putting pressure on internet companies to better vet their advertisers, but progress has been slow and beefing up the law would help. For instance, Google at least requires any investment company buying search advertising in the UK to prove they are on the regulator’s financial register. But this policy only started in September.
The UK could also do more to promote its email and text reporting services. The more data it collects on scam types and the email addresses and phone numbers used, the more law enforcement will be able to profile threats and thwart them. The Federal Reserve in the US is also trying to get the word out on social media and elsewhere.
Some things are harder, like tracking stolen money, which typically jumps quickly from bank to bank via unwitting money mules. For example, lots of people will respond to some ad, post or Whatsapp or Telegram message offering them a chance to earn cash for just receiving and sending some amount of funds. But doing so can turn them into both money launderers and fraud victims.
To be fair, banks are taking these issues seriously. They are analyzing reams of data and customer behaviour to spot and stop suspicious payments before they happen — everything from payments for unusual goods or in unlikely places, to how you hold your phone or navigate your bank’s website. Out of thousands of alerts a day, among hundreds of thousands of transactions, some customers will get a phone call from a specialist trained to make sure they know where their money is going. People often accept this as a moderate inconvenience and don’t need more than a minute or two’s thought to change their minds, says Elizabeth Ziegler, head of fraud prevention at Lloyds Banking Group.
But getting through to customers can be tougher when there is emotion involved, such as when someone’s convinced they are going to make big money, or if they have been pressured by criminals impersonating, say, tax authorities or the police, or if they have been seduced in a romance scam.
“Customers can be quite irate: ‘I know what I want, who are you to tell me what to do with my money?’ And it is their money,” Ziegler says. “We’re not amateur detectives, or there to provide investment advice. We just need to make sure you are well equipped for this decision.” Despite the checks, some people will still lose their money.
Still, prevention is better than cure: You can’t arrest your way out of a fraud epidemic. There is too much of it and the criminals can be anywhere in the world. Better data and analytics are key to spotting patterns and sources of attack, but both will involve addressing challenges with data protection and content moderation.
Meanwhile, technology and communication companies are likely to prefer maximising revenue and limiting costs when fraud is a small part of what happens on their networks and they are typically not the ones being blamed by consumers for scams. But these companies need to do more.
For us, the users of all these things, we will need to find the right balance between having slick, easy-to-use digital tools and minimising the risks that such convenience brings.
Stronger legislation and rules to promote cross-industry co-operation would help. More public digital safety education would, too. But mostly, we all need to stay sharp and stop tweeting whatever song was No 1 when we were born.
Bloomberg News. More stories like this are available on bloomberg.com/opinion.
Would you like to comment on this article or view other readers' comments?
Register (it’s quick and free) or sign in now.
Please read our Comment Policy before commenting.