Let’s see what went wrong (and right) with the most newsworthy fraud cases last year.
It seems every year gets busier in terms of fraud cases and cybercrime. 2019 was no different. And while we saw some old classic techniques (romance scams, data breaches), there were a number of surprising cases that had never made the news before.
Deepfake Fraud Went Mainstream
Picture the scene: you are the managing director of a British energy company. Your boss rings in a hurry and asks you to urgently wire $240,000 to a new supplier in Hungary. You’ve guessed it, the story doesn’t end well.
So how did a tech-savvy, competent executive get tricked into such an expensive mistake? The new advances in ultra realistic voice cloning, a.k.a audio deepfakes.
Using existing recording of a person’s voice, fraudsters were able to employ AI to make the boss say everything they wanted him to. The system breaks down a voice recording into sounds and syllables, and can then be rearranged to form new sentences, with realistic speech patterns, including pauses and tone.
And it worked wonders: according to the victim, the request sounded strange, but the voice was so lifelike they felt they had no choice but to comply.
So 2019 saw the most prominent (and costly) case of deepfake fraud we’ve seen yet. We predict that now the floodgates have been open, we’re going to read a lot more of these kinds of stories in the oncoming years.
Feds Bust the Biggest Online Scam In U.S. History
An operation started in 2016 finally bore its fruits last year, when U.S. federal prosecutors indicted 80 people on charges of online scams – the largest case of this kind in the country’s history.
The criminals, many of whom were Nigerian nationals, combined fake business scams and online romance to defraud ederly victims. They had succeeded in extracting more than $6M, and had their eyes set on another $34M in potential earnings.
The romance scams were particularly successful. In one fraud case, a woman was conned into wiring a total of $91,000 to a bank account controlled by the criminals. In another, the thieves pocketed $87,000 in multiple instalments.
But the most devastating case saw a Japanese woman transfer more than $200,000, which she had borrowed from friends and family, to a man she believed was a U.S Army captain stationed in Syria.
As it turns out, romance scams were one of the most costly cases of fraud for victims in 2019, costing them an average of $2,600 per scam. It’s still one of the most used forms of consumer fraud, and there is a high chance it will continue to be successful, especially with less tech-savvy people.
Data Breaches Continued to Damage Businesses
Another year, another plethora of massive data breaches. 2019 kicked off with a bang when Marriott lost up to 500 million guest records, including passport numbers and credit card information.
In February, 617 million user accounts details from numerous sites ended up on the darkweb, and yet it still pales in comparison to the breach suffered by First American, which lost 885 Million records in May, the second biggest breach of all times.
More worryingly, 1.2 billion records that were exposed by two data enrichment companies.
It shows that even organisations that can fight against fraud can sometimes end up giving ammo the bad guys. That’s because third party data enrichment providers are often queried by cybersecurity and fraud prevention companies to help build profiles of users.
A Bad Year for Facebook and Security
Instagram and Facebook hoaxes are a dime a dozen, but last year’s fake warning post was notable for fooling tons of celebrities and influencers. Julia Roberts, Pink, Usher, Judd Apatow and T.I. all reposted a message claiming Instagram was changing its rules to user permissions.
And while these hoaxes are a victimless crime, the same cannot be said of the massive data breaches Facebook suffered this year. Hundreds of millions of account credentials were exposed on St. Patrick’s Day, quickly followed by another 540 million records lost in April. The kicker? These account details were left unsecured on unprotected servers.
The company was also back in the headlines in November, when 100 app developers were found to have accessed inappropriate profile data. There was some fighting back, though, as Facebook began legal proceedings against app developers generating fraudulent revenue. Two app developers, who used a click injection technique to generate ad clicks, were sued by the Silicon Valley giant in August..
We’ve come to expect the number of fraud cases to skyrocket on a regular basis, but 2019 was a real record-setting year. The biggest data breaches ever seen happened that year, and we all know how these end up creating a vicious cycle of account takeovers, phishing and lost resources.
Hopefully, as more and more companies implement strong fraud prevention measures, the next year won’t be as bad for business and consumers.