Coronavirus increases exposure for digital payments fraud
As travel restrictions tighten, and social distancing in the coming weeks becomes the new normal, financial interactions – from shopping to banking – will increasingly move online The rise in purchase volume that will result will not only test supply chains, but also the ability of individuals and businesses to avoid fraud traps.
Fraudsters, for their part, are hoping to hide in the crowd and take advantage of changes in behavior.
These changes will likely start with a subtle decline in face-to-face interactions. Meanwhile, digital transactions will start to ramp up. If the U.S. even slightly mirrors the evolution in buying behavior that’s transpired in China following the outbreak – a 215% YoY growth in grocery sales between late January and early February, according to Chinese online retailer JD.com – digital transactions should see a sizable increase from when the WHO declared a public health emergency of international concern.
Over the next few weeks, U.S. businesses with online platforms might be tempted to relax fraud controls to free up potential friction – they shouldn’t. It could mean major fraud hits.
On Friday, March 6, the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about social engineering and phishing scams with COVID-19-related subjects. Included are phishing scams using e-commerce lookalike sites to sell in-demand supplies, change of service announcements, fake charities and so on.
The goal is to encourage unsuspecting individuals to click a link (thereby inserting malware) or to fill out personal information on a fraud-hosted website.
Business-specific communications, too, are at high risk for business email compromise. Changes in corporate events, travel, and other matters can all be used to socially engineer an employee to click a link or to fill out information they should not. Employees might also be tricked by fictitious HR communications related to COVID-19 or even emails that look like updates from an employee’s local municipality. Given the panic, and the desire to stay informed, fraudsters will be especially keen to take advantage of those with sensitive, high-value information.