In a world driven by digital technology and online financial transactions, the dark shadow of fraud looms larger than ever before. With businesses and individuals at risk, the ingenious methods employed by fraudsters to exploit vulnerabilities continue to evolve on a daily basis.
Understanding the landscape of fraud is crucial for individuals and organisations to safeguard their assets and personal information, and this article sheds some light on the most common types of fraud. From traditional schemes that have stood the test of time to sophisticated cybercrimes that exploit the digital frontier, the prevalence of fraud today is a stark reminder of the constant need for vigilance and awareness.
What is fraud?
Referred to by the FCA as a form of financial crime, fraud is a deceptive and intentional act conducted to gain an unfair or dishonest advantage, typically involving the misrepresentation of facts or information for personal or financial gain. In the context of financial transactions, fraud often refers to activities such as deception, forgery, or manipulation designed to obtain money, goods, or services illegally.
Fraud can take various forms, including identity theft, credit card fraud, investment scams, insurance fraud, and other schemes aimed at deceiving individuals, organisations, or financial systems.
Key elements of fraud include deceit, intent to deceive, and an unfair or wrongful gain. Fraudsters employ various tactics to exploit vulnerabilities and manipulate trust, often leading to significant financial or reputational losses for the victims.
What are the most common types of fraud?
In data released by NatWest, the three most common types of fraud in 2023 were phishing scams, trusted organisation scams, and refund scams.
With more than a third of the British public targeted by phishing scams in 2023, these attempts to commit fraud often involve fake emails, calls, sites or messages that appear to come from legitimate sources or companies and ask you to provide personal or financial information.
We’ve all had them: the text messages or emails from those purporting to be Royal Mail, your bank, Microsoft, or even your boss! They often come across as urgent, rushing you to take action such as paying a delivery charge or resetting a password, or informing you that your account is being closed. Phishing scams hope to incite fear and urgency, causing individuals and businesses to act rashly without thinking about the legitimacy of the communication.
Trusted organisation scams are very similar, but criminals will often contact you directly, pretending to be a legitimate organisation such as HMRC, DVLA, or your energy or other service providers.
These scams often exploit the reputation and trust that people have in established entities to trick them into providing sensitive information, making payments, or taking other actions that can be exploited by the fraudsters.
In some cases, scammers may request payment for fake fees, taxes, or services. They often ask for payment in a way that is difficult to trace, such as through wire transfers or gift cards.
Fraudsters commit these scams through email, phone calls and text messages, often using fake websites that closely mimic the official sites of trusted organisations and would look legitimate to most people. These sites often have URLs or domain names that are very similar to the legitimate ones.
Refund scams are a type of fraud where scammers attempt to trick individuals into believing they are eligible for a refund and then manipulate them into providing sensitive information or making payments. These scams often exploit the victim’s desire to recover money or assets, such as overpaid bills, taxes, or fees.
In this case, fraudsters initiate contact, often unsolicited, through email, phone calls or text messages, claiming that an individual or business is owed a refund. They often pose as representatives of government agencies, tax authorities, banks, or reputable organisations, and attribute the refund to an overpayment, billing error, or other reasons.
To process the supposed refund, scammers ask victims to provide personal and financial information such as bank account details, credit card numbers, or other sensitive information. Fraudsters often couple this with typical phishing tactics, such as using fake websites or emails that closely resemble official ones to trick individuals into entering sensitive information.
What is insider fraud?
Insider fraud refers to fraudulent activities or deceptive actions committed by individuals within an organisation against the organisation itself. In other words, it involves employees, contractors, or other individuals with access to internal systems or information who misuse their position for personal gain or to the detriment of the organisation. Insider fraud can take various forms, including embezzlement, theft of sensitive information, financial fraud, data breaches, or other deceptive practices. The perpetrators of insider fraud may exploit their knowledge of the organisation's systems, processes, and vulnerabilities to carry out their illicit activities.
Soaring cases of APP fraud crippling businesses
Authorised Push Payment (APP) fraud, also known as bank transfer fraud, occurs when individuals or businesses are tricked into authorising a payment to an account that they believe belongs to a legitimate payee, but, in reality, is controlled by a fraudster. In APP fraud, the victim willingly initiates the payment, thinking it is a genuine transaction, often due to manipulation, deception, or social engineering tactics employed by the fraudster.
Unfortunately, once the funds are transferred, they can be challenging to recover. Victims often suffer financial losses, and the fraudster may disappear or quickly move the funds through various accounts to mask their origin.
In data released by UK Finance, instances of APP fraud rose by 22% in 2023, and according to the same report, the main driver behind this rise is purchase scams, where people are tricked into paying for goods that never materialise.
In a recent interview as part of our new Wired-In podcast series, ex-fraudster, Alex Wood, shared how, together with an Organised Crime Network, he was able to defraud one business out of more than £1m by exploiting their vulnerabilities to commit APP fraud.
“We used to target companies that we thought were intellectually vulnerable. That sounds ruthless but we were going after companies that we thought would be a little bit ‘stupider’ than other companies. And that’s how I thought at the time, but you need to understand how fraudsters are thinking.
“We would target businesses in the building trade or the trade sector because we thought that they would have less sophisticated accounting procedures than, say, a law firm or an accounting firm.
“The company that I stole £1.3m from was a demolition company. However, we then discovered that there was another potential vulnerability with companies that do have sophisticated processes because they’re probably not going to be getting phoned up and attacked because they’re not going to be used to it.
“We ended up defrauding any sort of company because people with sophisticated processes didn’t expect to get hit, so when they do, it takes them by surprise and they don’t really know what to do to deal with it.
“The key feature here is vulnerability and exploiting vulnerabilities.”
Alex Wood, ex-fraudster turned counter-fraud professional
To avoid falling victim to APP fraud, it’s crucial to verify any changes in payment details through trusted and independent channels, such as contacting the payee directly using known contact information. Additionally, being cautious about unexpected or urgent requests for payments and regularly educating oneself on common fraud tactics can help reduce the risk of falling prey to such scams.
While banks and financial institutions may implement measures to detect and prevent APP fraud, individual awareness and vigilance are essential components of defence against this type of fraud.