Time marches on, and with it – FRAUD! Fraud never sleeps, as we keep saying. 2017 broke many records, but 2018 has witnessed greater penetration and expansion of the fraudsters’ many schemes. Cyber warfare has expanded on all fronts. Ransomware has taken on a broader theme, attacking not only large corporate interests, but also burrowing down to individual PCs in an insidious attempt to extort at all levels. From a purely forex perspective, binary options and CFDs have felt the wrath of global regulators, but the new kid in Fraud-town has to be crypto-currencies and related Initial Coin Offerings (ICOs). Whatever the path chosen and with only four months remaining in the year, here is a brief awareness update to guide your personal prevention tactics.
At the beginning of this year, we wrote, “What should we be fearful of in the coming year? Once again, not much has changed, year over year: Protecting customer trading accounts will be a high priority for all brokerages in 2018, but this threat is just the tip of the iceberg. Our industry is overly complex, using cutting edge technology to deliver its value proposition. Toss in a hefty bit of innovation, accompanied by competition and financial pressure, and you have a perfect backdrop for organized crime to enter stage left. Crooks also invest heavily in technology and continually search for weaknesses in firewalls and operating systems. When change and uncertainty define the marketplace, crooks have greater latitude for plying their trades.”
We also surveyed a number of security firms to gather their insights on how the “dark side of fraudulent practices” might evolve over the ensuing twelve months. Here is a brief summary of those highlights, each of which has come to pass:
- McAfee: Ransomware expansion; Robot-driven attacks on infrastructure devices; AI gains in prominence as a useful tool for crooks;
- Symantec: Crooks to focus on crypto coins and exchanges; AI attacks to be frequent; Ransomware to extend to the consumer level; Malware to explode;
- IBM: AI attacks and Ransomware to become ubiquitous; Identity protection more difficult and futile;
- Gartner: AI-driven creation of “counterfeit reality,” or fake content, will outpace AI’s ability to detect it; Security budgets will expand quickly to fight infrastructure attacks;
- Forrester: Cybercriminals will use ransomware to shut down point of sale systems and interfere with election processes;
- Trend Micro: The ransomware business model will still be a cybercrime mainstay in 2018, while other forms of digital extortion will gain more ground; Enterprise applications and platforms will be at risk of manipulation and vulnerabilities;
- Watchguard Technologies: Cryptocurrency Crash; Wi-Fi Hacking; Multi-factor Authentication;
- Webroot: Discoveries of election meddling and social media tweaking will be an economic drag on some of the biggest tech giants in the industry; Backups will not prove enough to stop ransomware as hackers find ways to subvert this strategy.
We also canvassed a number of smaller boutique firms, too small to mention here. Suffice it to say that their insights followed similar lines: Ransomware, AI, Malbots, clones, and attacks at every node point in the infrastructure that connects our devices, from smartphones and PCs to servers and processing entities. Blockchain technology and crypto-currencies were also mentioned, but wherever there is obsessive consumer popularity, accompanied by a concentration of financial interests and electronic payment systems, you can expect organized crime to be present, scheming “24/7”.
What are the factors that make 2018 unlike previous years?
We have written several articles about the increasing waves of cyber warfare attacks over the past few years. Growth rates have been phenomenal, such that cyber-related fraud is now more than 50% of all fraudulent activity. Industry insiders expect cyber crime damage to hit $6 trillion annually on a global basis by 2021. We have also noted that victim demographics are shifting due to this new reality. Younger, rather than older, consumers are moving to the forefront, most likely due to their inexperience and reliance upon network-delivered information. Social media websites have become the breeding ground for identity theft activities.
As for 2018, the following graphic details the basic factors propelling fraudulent exploits to greater heights in the current year:
In the not too distant past, fraudsters had been focusing on low-hanging fruit, so to speak, going after corporate interests where the concentration of data was high and security budgets were low. Ransomware, the scheme by which crooks extort funds from victims in exchange for regaining access to their private data, has now moved down to the individual level. Identity theft has morphed from one-on-one “phishing” exercises to what has been termed “whaling”, where consumers are re-routed en masse to clone matches of respected websites to validate their login credentials and personal information. All in all, criminals are well-funded and utilizing technology to their advantage big time.
Specific fraud updates for 2018 and what to look out for on the road ahead?
Awareness is the first step in any fraud prevention plan, and in that vein, the vast preponderance of reported fraud activity falls into a few key areas: High-risk forex trading products; Crypto-currencies and Initial Coin Offerings (ICOs); Ransomware schemes; and Identity theft. In this section, we would also be remiss if we did not alert you to common pitfalls you might encounter during the coming year-end holiday and travel season, but we will cover that topic another day.
High-risk Forex Trading Products
The press has been filled with articles regarding the ongoing attack by global regulatory authorities against high-risk trading products, i.e., binary options and CFDs. New ESMA regulations ban binary options in the EU and place heavily restrictive limits on CFD products. In the U.S., Canada, and Japan, binary options can only be traded on regulated exchanges, but the issue there, as in the EU, the UK, and Asia, is that cross-border solicitations by unregistered entities persist. We see no letup in the fight. Pressure continues to be put upon Israeli officials to police domestic offenses, but most operating firms have moved on to other locales or re-defined their products.
Crypto-currencies and Initial Coin Offerings (ICOs)
As the war rages against binary options and CFDs, criminal elements have moved to more fertile pastures in the form of crypto-currencies and related ICOs. Despite many entreaties that crypto-currencies may be the greatest scam of all time, unwitting investors continue to be duped by a host of schemes. Per one expert, the crooks “are most likely to use phishing digital resources, fake ICOs, bogus accounts of famous personalities in social media (a chain of scam bots in Twitter), fake crypto wallets and exchanges.”
Every piece of the crypto value chain is under attack by fraudsters. Illicit ICOs tend to be elaborate “pump-and-dump” schemes, with quick exits by shrewd operators with all raised capital. Exchanges, where buy and sell transactions are processed, are particularly vulnerable: “Hack attacks in the crypto industry have become so common that news about another exchange hacking does not surprise the crypto community that has already experienced a lot. According to the report “Spam and phishing” in the second quarter of 2018, $2.3 billion was stolen. As for the global trend, scammers stole $1.2 billion in 2017 and $1.1 billion in the first half of 2018. It seems that the crypto community does not learn from its own mistakes.”
On the regulatory front, the SEC back in June noted that, while Bitcoin may not be a security, many ICOs are. This rallying call has been heard across the globe, fomenting new attacks on a regional level: “While not every ICO or cryptocurrency-related investment is a fraud, it is important for individuals and firms selling these products to be mindful that they are not doing so in a vacuum; state and provincial laws or regulations may apply, especially securities laws.”
As expected and predicted, ransomware attacks have become more insidious. As we wrote in 2017, “Ransomware is the most pervasive fraud threat on your cyber horizon, but we are not alone: ‘Organisations from many industries have recently fallen victim to the increasingly popular cyber threat known as ransomware. Financial institutions, government agencies, hospitals and more have all been targets of this type of malware.’”
The change in 2018 is that attacks have become more personalized. Individuals are now being directly targeted: “This kind of cyber-attack has grown explosively in the last couple of years—2,500%, by one estimate. You succumb by opening a file you shouldn’t have—an email attachment you’re tricked into double-clicking, for example, or a download from a piracy site.” Social media and porn websites are launching pads for this type of extortion.
Gone are the days of simple “phishing” phone calls or obvious email attempts to access your personal information. Enter stage left AI and robots. Phishing activities have now graduated to a higher level, benefiting from the power of modern technology: “Imagine a piece of malware that can train itself on how your writing style differs depending on who you are contacting, and leverages this nuanced understanding to send tailored, contextually relevant messages to your contacts. These phishing messages are so realistic that targets fall for them, downloading malicious attachments or following dangerous links.”
This more sophisticated approach is called “Whaling”. Whaling scam emails are “designed to masquerade as a critical business email, sent from a legitimate business authority.” The links connect with clone websites that convince the target to verify current login credentials or provide private personal information. Looks can be deceiving.
Fraud never sleeps, and today’s schemes, aided by AI and modern technology, behave like a virus that builds resistance to the latest treatment regimen. It morphs, adapts, and evolves to penetrate even the best of defenses. Make no mistake about it: Cyber-warfare is on the rise and in every nook and cranny of the world. If you have escaped its long tentacles, consider yourself fortunate, but the odds are that you or one of your financial services partners, including your forex broker, your payment provider, and your bank, have already been tested over the previous year.
Now, more than ever, you need to remain diligent and skeptical, whenever you are directly solicited or attracted to advertising on the Internet, especially on social media websites. Crooks will be inviting you at every turn to take their bait, and a few of them may still rely on print media, telephone calls, emails, or even word of mouth to ply their nefarious con games. Early recognition is key.
Stay alert, keep your greed in check, and do not become a victim!