Close Menu

    From AI to malware as a service: what’s driving online scams in 2024

    Promoted | Outseer shares findings from its 2024 Global Fraud & Scams Trends Report.
    By

    From AI to malware as a service: what's driving online scams in 2024 - OutseerThe skyrocketing popularity and widespread availability of artificial intelligence in the past year has fuelled an alarming surge in scams.

    Also, the increase in consumer accessibility to instant payments has led to a resurgence in related scams and increasing reliance on money mules.

    These phenomena can be attributed to fraudsters’ perpetual quest to enhance the efficiency of their scams and expedite the cash-out process by capitalising on emerging technologies and shifts in consumer behaviour.

    As financial crime escalates, companies must remain abreast of the latest trends and adapt their strategies to combat constantly evolving fraud tactics.

    What follows is the comprehensive analysis of fraud attacks and consumer fraud data collected and analysed by Outseer’s team of fraud experts. Leveraging proprietary insights gained from safeguarding customers, this report sheds light on the ever-evolving cyber fraud landscape that affects organisations of all sizes.

    Fraud threats and trends

    While the fraud landscape, from phishing to malware and brand abuse, remains consistent year after year, fraudsters consistently refine their techniques, prompting the evolution of fraud threats and corresponding mitigation strategies shaped by current events and technological advances.

    Outseer sought out to address these pressing questions:

    • Which trends have exerted the most significant influence on fraud threats and mitigation over the past year?
    • What nuances require more attention?

    In the pursuit of answers, internal data was analysed in the context of current technology and shifts in fraudster behaviour. This has surfaced what we believe to be the top three primary fraud threats, which we address in the report:

    1. AI-powered scams
    2. Malware as a service
    3. Faster payment

    The Global Fraud and Scams Report is based on the analysis of data generated from the Outseer Fraud Action 24/7 Anti-Fraud Command Centre, which utilises machine-learning algorithms to monitor brand abuse and identify rogue attacks. The algorithms detect anomalies and signals indicative of fraudulent URLs and compromised credit cards and e-mails. Upon detection, cybersecurity intelligence experts conduct forensic analysis to examine and authenticate potential threats, ultimately resulting in the generation of detailed intelligence.

    Key findings from the report

    1. Trojan attacks experienced the largest year-over-year increase in attack volumes, driven by refined phishing tactics.

    The rise of malware as a service emerged as a significant cybersecurity threat as the volume of malware events surged 120% in the total volume of attacks year over year, compared to a 5.5% increase in phishing attacks and a 25% and 7.7% decrease for rogue mobile app attacks and brand-abuse attacks, respectively. Malware as a service allows any fraudster with US$50-$200 to evolve into a complex cyber threat that uses malware to enable their fraud attacks.

    Polymorphic malware is not a new concept, but fraudsters are now using generative AI to reduce the skill level required to spawn malware variants that elude signature-based security systems, consequently challenging the efficacy of existing security protocols. This has been seen increasingly in banking trojans, which intercept notifications and bypass alerts requiring secure channels. And their persistence easily evades detection on mobile devices.

    2. The increase in mobile banking and malware as a service has sent malware attacks to all-time highs.

    The role of malware in fraud was a major theme throughout 2023. Fraudsters have taken an interest in information-stealing malware, malware as a service and other “as-a-service”-type offerings, so much so that while the volume of fraud observed grew 108%, malware attacks grew by a staggering 4 000% (40x growth in volume), partially due to the increase in malware in mobile channels. Part of this can be attributed to the rise in mobile app usage. With the increased usage, fraudsters are targeting the channel.

    3. The adoption of real-time payments has increased automated push payment (APP) scams; some countries are responding with regulation and liability shifts.

    Outseer has seen a significant uptick in unauthorised push payments, mule accounts and account takeovers in markets where faster payment adoption is high. Surveyed financial institutions saw a spike in fraud attacks using real-time rail: 57% reported mule activity was up, 71% reported consumer ATO had increased and 62% reported app fraud had increased.

    The UK and EU have been on the forefront of change with the introduction of the Payment Systems Regulator (PSR) and the upcoming Payment Services Directive 3 (PSD3). In late 2024, the specifics of PSD3 and the implementation of the PSR liability shift will be revealed.

    4. Prediction: The rise in AI will fuel scams and corresponding losses in the coming year.

    AI has dominated the headlines over the past year, and fraudsters have already begun to exploit this technology, with several major scams reported globally. With new AI tools and technology at their disposal, fraudsters are creating varied phishing e-mails that defeat existing scam and spam e-mail filters. In addition to improving tried-and-true techniques, fraudsters are using AI more often on deepfakes, voice cloning, verification fraud and APP fraud.

    While Outseer didn’t see direct fraud losses from generative AI in 2023, we predict that the scams and corresponding losses will continue to grow. Given the goal of generative AI scams is to trick people into believing what fraudsters put out there, Outseer believes that generative AI contributed to the increased effectiveness of phishing tactics that fuelled an even larger increase in trojan and malware attacks.

    Despite the ways generative AI is being manipulated, predictive AI has also played a pivotal role in detecting cyber threats such as brand abuse, phishing, trojans and rogue mobile apps. The strength of AI and machine learning in combating these threats lies in their ability to continuously learn, adapt and detect evolving patterns of malicious behavior across various digital landscapes. These technologies enable proactive and adaptive security measures, ultimately contributing to a more robust defence against cyber threats.

    As financial crime escalates each year, it is crucial to remain knowledgeable of the latest trends and adapt strategies to combat constantly evolving fraud tactics. Download Outseer’s full report or regional reports for further analysis.

    About Outseer
    At Outseer, we are empowering our customers to liberate the world from digital fraud by providing solutions that stop fraud, not customers. Our market-leading enterprise fraud and authentication platform is used by thousands of financial institutions around the world to protect millions of customer accounts and billions of transactions annually. Leveraging proven data science, including our proprietary consortium data, our customers use our risk-based, machine-learning platform to deliver the highest fraud detection rates, lowest false positive rates and lowest customer intervention in the industry. Learn more at www.outseer.com or connect with us on LinkedIn.



    Share.
    Add A Comment

    Comments are closed.