Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

10:00 AM
Doug Clare
Doug Clare
Connect Directly
E-Mail vvv

Fraud Prevention During the Pandemic

When the economy is disrupted, fraud goes up, so let's not ignore the lessons we can learn from previous downturns.

There's one fraud pattern that's highly predictable: When the economy goes down, fraud goes up. In the wake of COVID-19, the Great Recession of 2008 provides some important lessons that can help enterprise security teams protect their companies and employees against the increased risk of fraud.

Criminals Exploit Vulnerabilities
Let's first take a look at some of the broad similarities between 2008 and 2020. As in 2008, consumer debt is today at an all-time high — in fact, it's even greater than during the peak of the Great Recession. Unemployment has surged, with current rates higher than any time since the Great Depression of the 1930s.

Related Content:

Special Report: Computing's New Normal, a Dark Reading Perspective

How Better Intel Can Reduce, Prevent Payment Card Fraud

The pandemic of 2020 has affected a wide range of American workers, especially those with customer-facing jobs that pay an hourly wage. People who have suddenly found themselves unemployed are most concerned about securing necessities such as food and shelter, and more are using credit cards to pay for rent and groceries.

These challenging economic conditions make many people, including employees, more vulnerable to being exploited by criminals.

A Surge of Fraud Types Old and New
In 2008, there was a sharp increase in fraud incidents (and losses) due to: collusive fraud rings in which groups of criminals conspired to defraud a large number of institutions and credit card issuers, and bust-out fraud perpetrated by individuals with either genuine or synthetic identities, running up high balances and intentionally defaulting after making a few normal-looking payments.

There are early signs that both of these are again on the rise in 2020, but here's what's different about fraud and some greater security risks during the COVID:

  • Phishing attacks are multiplying: Anxious employees are more susceptible to phishing emails claiming to have information about COVID-19 cures and economic stimulus payments. A large-scale move to work-from-home also creates new susceptibilities for hackers to exploit, such as a fake emails from executives asking for "help," particularly with financial transactions. These emails can plant malware and entice employees with financial access to inadvertently send funds and other valuable company information to fraudsters.

  • Money mule scams are on the rise: Economic uncertainty leads to consumer vulnerability, and more consumers are getting swept up in scams involving "cash prizes" and opportunities to "earn $100,000 from your home!"

Education and Prevention for All Parties
To protect their company and employees both inside and outside of work, security professionals should address the pandemic's fraud landscape with increased monitoring and a strong employee education program. Particularly, security teams should start by identifying high-risk employees and partners.

1. Employees
Your newest hires, temporary staff, and any new offshore employees your organization enlists are a significant risk. Some are new to the roles and being trained in jobs they haven't done before, and with the influx of COVID-related business interactions, such as higher call volumes at call centers, organizations are also asked to scale quickly and manage complex employee and customer issues quickly.

With that in mind, resources to detect inbound phishing emails should be expanded, and all employees should be educated on the latest trends in COVID-themed scams such as money muling and phishing.

2. C-Suite
Believe it or not, but your C-suite may be at greatest risk: After all, the more access an executive has within your organization, up to and including the CEO, the more valuable that person is as a target. In one recent example, a criminal impersonated the leader of a UK-based energy firm using voice-generating artificial intelligence software and convinced a chief executive to wire the equivalent of $243,000.

To avoid a similar situation, your organization should consider the likelihood of each employee and partner's vulnerability to fraudsters and the potential damage they could cause if compromised. The next step is then implementing the right risk management process — parts of it customer-facing, others behind the scenes.

3. Business Partners
It's important to not forget your business partners represent a risk as well. Many companies have fallen victim to a data breach connected to vendors and resellers that had access to many of their systems and in many cases conducted business on their behalf.

Overall, through vigilance and education of high-risk employees and heavily integrated business partners, enterprise security teams can use lessons learned from previous crises to navigate the pandemic with minimal disruption, ultimately mitigating security and fraud risks within an organization.


Doug Clare is Vice President of fraud, Compliance, and Security Solutions at FICO. In this role, Doug heads FICO's fraud, financial crime, and cyber-risk businesses. With more than 25 years at FICO, he has deep expertise in helping banks and other businesses manage fraud, ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. In versions prior to the admin api has exposed some internal hidden fields when an association has been loaded with a to many reference. Users are recommend to update to version You can get the update to regularly via the Auto-U...
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. In versions prior to private files publicly accessible with Cloud Storage providers when the hashed URL is known. Users are recommend to first change their configuration to set the correct visibility according to the documentation. The visibilit...
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommend to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
PUBLISHED: 2021-06-24
Shopware is an open source eCommerce platform. Potential session hijacking of store customers in versions below We recommend to update to the current version You can get the update to regularly via the Auto-Updater or directly via the download overview. For older versions o...