Business Maverick

SCAM CENTRES

Cybercrime goes corporate — there are ways to protect your company

Cybercrime goes corporate — there are ways to protect your company
Dedicated scam centres are springing up to commit cybercrime. (Image: iStock)

The image you have of cybercriminals as lone hackers hunched over a laptop in a hoodie is outdated – it has become so much more sophisticated.

Cybercriminals have graduated to syndicates working out of “scam centres” or even entire office buildings.

Jason Lane-Sellers, director of fraud and identity at LexisNexis Risk Solutions, says cybercriminals now operate out of criminal enterprises or corporations with call centre operations.

“We’ve seen images of centres being raided in the Philippines where the set-up was so sophisticated that a number of the people working in the building were not aware that the whole company was a fraud,” he says.

The latest annual cybercrime report from LexisNexis Risk Solutions analysed 92 billion transactions processed in 2023.

The report, Confidence Amid Chaos, reveals a 19% year-on-year increase in the global human-initiated digital attack rate compared with the previous year.

Cybercriminals’ expanding scale of activity is reflected in the rising attack rate, particularly in ecommerce and across North America.

“Cybercriminals continue to increase the scale and complexity of their illegal operations, with dedicated scam centres becoming a permanent fixture to mount digital attacks on consumers worldwide,” says Stephen Topliss, vice president of fraud and identity at LexisNexis Risk Solutions.

Advanced bots

“While these scam centres will continue to drive the threat of human-initiated attacks, organisations cannot afford to be complacent about the growing sophistication of bots, which can display more human-like behaviour to evade traditional prevention solutions.

“By focusing on identifying advanced bots in real time, businesses can mitigate their ability to create fraudulent accounts or test stolen login credentials for future account takeover attacks.”

The LexisNexis Identity Abuse Index, which records the percentage of attacks per day, shows that attack rates spiked at both the beginning and end of 2023.

One good thing about increasing interest rates and global inflation is that they pushed down the growth of ecommerce transactions by 7%, leading to fewer opportunities for cyberfraud.

The Confidence Amid Chaos report shows that third-party account takeover fraud was the leading type of fraud reported by clients in 2023, contributing 29% of fraud classifications reported.

Automated bot attack rates remained steady in 2023, partly due to the threat posed by advanced bot detection capabilities to this attack vector.

These capabilities involve detecting bot traffic that mimics the locations of legitimate customers via IP proxies, along with identifying abnormal timing of events and unusual on-page or in-app behaviours.

Businesses are increasingly employing proxy-piercing technology to break the anonymity of cybercriminals attempting to conceal their behaviour through the use of virtual private networks (VPNs).

SA lags on cybercrime cover

Locally, research by Santam, South Africa’s largest short-term insurer, reveals that the average cost of a data breach is now $4.45-million worldwide, up 15% in only three years, while cybercrime is one of the top three risks identified by commercial entities in the country.

Despite this, the research also indicates that only 26% of commercial respondents indicated they had cybercrime cover in place.

Thabo Twalo, chief underwriting officer at Santam Broker Solutions, says this is particularly concerning as South Africa has been identified as a hotspot for crimes such as identity theft, data breaches, malware and phishing scams.

“Although attacks on large corporations may make the headlines, it’s the frequent attacks on smaller businesses that are more concerning. The 2022 SHA Risk Review found that one in three small and medium enterprises had been a victim of a cyberattack,” he says.

Typically, cybercrime involves gaining illegal access to a computer or IT system to extract information or to implant malware, which can disrupt a business in various ways.

“For example, cyberextortion is when malware known as ransomware is used to extort money from a company, threatening actions such as the destruction, theft or illegal distribution of data. Emails continue to be the most common means of illegal access.

According to a Mimecast report, email remains the top attack vector for cybercriminals, and phishing attacks remain the top threat to email users,” says Twalo.

He said the increase in remote work trends since the pandemic had compounded security risks.

To alleviate these risks, Twalo recommends that companies put security measures in place, such as providing work-issued computers with antimalware protection to employees working remotely and ensuring they are used only for work-related tasks.

“Employees should be required to ensure routers have built-in firewalls and that they change passwords often.”

Twalo says SMEs need to ensure that they have adequate insurance in place to protect the business from this growing threat.

To ensure that all aspects of their businesses are protected, business owners should have a policy in place that provides cover in the following key areas:

  • Data breach and restoration: After a breach, the business may be liable for damages to third parties. This extension covers legal defence costs and damages if the case is unsuccessfully defended.
  • Third-party liability: This provides cover against claims made against the business clients or agents who experience a cyberattack on its system.
  • Business interruption: This is designed to assist SMEs get back on track after a breach.
  • Cyberextortion and cybercrime: This helps get businesses running as soon as possible after a cyberattack and manages the financial implications of a ransomware attack. DM
Gallery

Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted