What does the first 6 months tell us?

The first six months of 2023 have been extremely challenging for businesses and consumers alike, with rising interest rates and living costs. Organisations are continually reviewing their credit strategies, with a strong focus on affordability and the identification of vulnerability. However threat actors are also doing the same, looking for opportunities to exploit those in need, and identify  weak controls and processes that businesses have in place. 

Economic uncertainty is a real concern, as more consumers experience financial distress. Research¹ suggests that 28% of low-income respondents expect to be unable to pay their current bills and this may drive them to look for alternative ways to recoup money or supplement incomes. As a result, individuals may be susceptible to either becoming victims of fraudulent activity or tempted to commit it themselves.  

The temptation to commit fraud 

Economic strain impacts consumer behaviour and this can be seen in Cifas research, which shows that in 2022 16% of UK adults had committed fraud or known someone that had, up from 14% in 2021². There are early indications that individuals are taking advantage of business application processes in for credit facilities. There has been a notable increase in individuals taking out loans and asset finance products with no intention to repay and selling an asset prior to fulfilling an agreement as a way to make money. There has also been a notable increase in in payment fraud, particularly on bank accounts and plastic cards, which is potentially indicative of individuals spending money on these facilities which they do not have – such as where they do not have an arranged overdraft and spending money that is not in the account.  

Threat actors will chance their luck with less rigorous policies and processes, abusing delayed credit facilities so that they can order goods to sell on or falsely claim that they had not made that transaction. This is demonstrated by Cifas research³  which suggests that 14% of UK adults have or know someone that had falsely claimed they were a victim of impersonation on a loan product to avoid payment. According to Experian⁴, fraud rates on credit cards have increased since the beginning of the year due to the rise in living costs and asset finance fraud is at its highest rate in 10 years.  

This research highlights that individuals are willing to claim that they are a victim of fraud when they are not, which is going to be a challenge for financial institutions in light of the new reimbursement requirements set out the Payment Systems Regulator for victims of Authorised Push Payments. It will be essential that organisations have sufficient controls in place to enable them to identify genuine claimants from those who are falsely claiming they are a victim. 

Targeting customers and businesses alike 

This period has shown how threat actors target those most in need – particularly those who are struggling to afford household bills. It is thought that 42% of workers are considering ways to get a second income⁵ mainly due to the rise in living costs. This demand has seen an increase in fake job adverts, posted on social media and job boards posing as genuine recruiters and impersonating companies. Victims are applying for these roles and as part of the “onboarding” process, are providing copies of their bank statements and identification – including selfies. However these details are then used to apply for products and services. Victims may also be asked to pay for equipment prior to starting the “role” which never materialises or deposit funds to carry out tasks to earn a commission. Fake job adverts account for 30% of online fraud encountered by UK adult internet users⁶ and will flourish in light of the slowing job market⁷ because individuals will look for additional “work from home” opportunities. 

Threat actors may also look to target existing products as businesses implement further affordability checks. Cifas data shows a 22% increase in facility takeover, mainly targeting online retail and telecom products. Victims are socially engineered to reveal their personal and financial information, as well as one-time passcodes to gain access to these accounts to then place orders. the increase in takeovers of bank account products, where the threat actor makes changes to security or personal details to gain control of the account is of concern. Already threat actors are diversifying the way they can cash out from these accounts, adding ecommerce platforms and crypto wallets. Details have often been harvested through cost-of-living themed smishing and phishing attacks and will continue throughout 2023 as additional cost of living support will be provided through eligibility means testing.  

There has also been a significant targeting of companies in the first six months of 2023, as threat actors exploit the financial concerns of companies, presenting themselves as brokers promising favourable loan rates, in order to harvest details from that company, to apply for products or loans and impersonate the company to submit false invoices to suppliers or customers. 40% of UK businesses have suffered a proven or suspected fraud attack in the last year⁸, suggesting threat actors perceive them as easy targets due to not being able to invest as much into cyber security, fraud prevention measures and staff training compared to their larger counterparts. As businesses combat energy prices, wage increases and mortgage rates, they may be susceptible to offers of good rates.  

Key takeaway 

Threat actors will continue to target consumers and business with cost-of-living themed attacks as the economy struggles. Therefore it is essential that organisations consider diversifying their fraud and financial crime detection in light of the changing economic climate. A multi-layered approach is essential not just at onboarding customers, but also throughout their customer life cycle. 

--------------------------------------------

 1 consumer-pulse-q2-2023.pdf (transunion.co.uk)

 2 Cifas Fraud behaviours report 2022

3  Cifas Fraud behaviours report 2022

 4 Fraud Index Report - Experian UK

5 Is it ever OK for staff to have a side hustle or second job? | Organisational Culture | HR Grapevine | Feature

6 Online scams and fraud research: summary report (ofcom.org.uk)

7 Hiring by UK firms slows amid ‘lingering economic uncertainty’ | Economic growth (GDP) | The Guardian

8 More than half of UK SMEs worry about being victims to fraud amid the cost-of-living crisis (ibtimes.co.uk)