How Digital Fraud Has Evolved: Key Takeaways for CISOs

Regular training, robust fraud detection systems, and a culture of vigilance are key to combating digital fraud these days.

David Balaban

November 8, 2024


Fraudsters have been around since the dawn of time. But the internet has completely transformed the scale at which they operate. There are now an unlimited number of potential victims they can target with various schemes, from phishing attacks and identity theft to sophisticated scams and financial fraud.

And that’s exactly what they’ve been doing. According to the Global Anti-Scam Alliance, scammers stole over $1 trillion in 2023 alone. As the world continues to embrace new technologies, digital fraud is expected to rise proportionately. For companies in all industries, this means that cybersecurity measures and capabilities to combat fraud are no longer optional but necessary.

Let's look at some of the main digital fraud trends organizations are facing today and ways to effectively mitigate them.

Emerging Trends in Digital Fraud

It has been an eventful few years for digital fraud powered by emerging technologies like artificial intelligence and machine learning. Account takeover (ATO) attacks, particularly via session hijacking, have made many headlines throughout this year, forcing browser developers to implement stricter security controls. And that’s only one example.

With cybercriminals attacking from all angles, it’s difficult to pinpoint all rising threats. With that said, there are a few that stand out.


Deepfake Technology

While deepfakes have been around for some time now, they have drastically evolved in recent years. Thanks to various AI tools, they’re not only more realistic and harder to detect but also significantly easier to create. Digital fraud involving deepfake technology is costing organizations millions. In one severe case, a Hong Kong-based company lost $25 million to scammers after they deepfaked the company’s CFO in a live video call.

It’s easy to blame the worker who fell for the scam in this scenario, but was the organization doing anything to provide adequate training and tools to prevent such incidents?

Digital Impersonation

Prominent business figures aren’t the only ones being impersonated. Scammers are also creating fake websites that mimic legitimate businesses to commit fraud against unsuspecting users. This is a huge problem for businesses, as according to a report by Memcyco, 40% of customers who fall victim to fake-site scams stop doing business with the company being impersonated.

There is also a lot of talk about government regulation stepping in to force companies to reimburse their customers who fell victim to fraud, which has already begun in the UK. This puts even more pressure on businesses to swiftly detect and mitigate fraudulent activities related to their brand.

Evolution in Phishing

By utilizing deepfake technology, generative AI, large language models (LLMs), and other technologies, cybercriminals can now orchestrate very sophisticated phishing attacks that are incredibly difficult even for security-savvy individuals to detect.

Just two to three years ago, phishing messages were evidently crafted by non-native speakers, with many spelling and other errors that made them easier to spot. Now, the messages are not only grammatically correct but also much more personalized, thanks to advanced data mining and social engineering techniques.

Proactive Steps to Combat Digital Fraud

Considering these evolving threats, CISOs and other security professionals have their hands full in the effort to protect their organizations. Here are some of the most effective methods in combating the many forms of today’s digital fraud:

Security Awareness and Phishing Training for Employees

Human error is the number one cause (74%) of all cyberattacks. All the threats and attack vectors I discussed are largely ineffective unless an actual human falls for them. That’s why regular security awareness training should be among the first priorities for organizations looking to boost their fraud resilience.

The training should include real-life scenarios and simulations of the latest techniques to make it easier for employees to pinpoint similar attempts from attackers.

Fraud Detection Technologies

Just as criminals are using technology to fill their pockets, the business community can also leverage advanced technologies to protect themselves. Sophisticated fraud detection systems utilize real-time scanning, machine learning, and behavior analytics to find suspicious activity, such as fake websites or unusual transaction attempts.

It’s also worth mentioning that while 72% of the businesses surveyed in the above-mentioned report by Memcyco use website impersonation protection, only 6% found it effective. So, it’s important to invest in the right technologies. Otherwise, a business may have a false sense of security, which is worse than having no protection at all.

Threat Intelligence Sharing with Peers and Law Enforcement

The cybersecurity community is fairly tight-knit, but murky information sharing, particularly when it comes to ransomware threats, makes it difficult for businesses to react in time. Open-source platforms like MISP and OTX encourage threat intelligence sharing among peers and should be used as a key resource to combat digital fraud.

Final Thoughts

Based on the trends discussed in this article and others being used in the wild, it appears that deception is a highly prevalent tactic among cybercriminals. Therefore, it’s important to exercise caution during our everyday internet activity, whether it’s checking emails, visiting websites, or even making video calls.

From an organizational perspective, the onus is on security leaders to stay on top of emerging threats and help employees learn how to deal with them effectively. Regular training, robust fraud detection systems, and a culture of vigilance are key to combating digital fraud these days.

About the Author

David Balaban

David Balaban is a computer security researcher with over 17 years of experience in malware analysis and antivirus software evaluation. David runs MacSecurity.net and Privacy-PC.com projects that present expert opinions on contemporary information security matters, including social engineering, malware, penetration testing, threat intelligence, online privacy, and white hat hacking. David has a strong malware troubleshooting background, with a recent focus on ransomware countermeasures.
