Social engineering scams sweep through financial institutions

North American financial institutions fielded 10 times more reports of social engineering scams in 2024 than they did a year ago, according to BioCatch. The data shows scams now represent 23% of all digital banking fraud.


Growing danger of deepfake and GenAI scams

BioCatch published these findings in its 2024 Digital Banking Fraud Trends in North America report, which also details a 94% uptick in reported money mule (or money laundering) accounts.

“Reports of North American mule accounts have almost doubled in the last year,” BioCatch Director of Global Fraud Intelligence Tom Peacock said. “This not only hints at the massive scope and scale of the money mule problem plaguing the world’s financial institutions but also – more hopefully – the positive steps North American banks have taken in the last year to identify these laundering accounts.”

The report also highlights the growing threats posed by GenAI tools and deepfakes, which allow fraudsters to launch a greater quantity of more sophisticated attacks that are more difficult to detect and prevent. This is already happening: in a recent incident in Hong Kong, a deepfake impersonation scam netted the scammer $25 million.

More recently, there have been reports of impersonation scams over social media channels that exploit online profiles. These scams take advantage of a person’s recent online history to create a fog over reality during the lifespan of the scam.

“As we outlined in our 2024 AI, Fraud, and Financial Crime Survey and ScamGPT white paper, AI is super-charging fraud,” said BioCatch Global Advisory Director Seth Ruden. “Compounding its impact, and allowing bad actors to scale and sophisticate their scams with deepfakes and other devices. As the industry deploys the newest authentication methods in both account opening and account takeover processes, fraudsters will undoubtedly attack these as well.”

Account-opening fraud drops

Account-opening fraud declined by nearly 60% in the last year, as banks implemented additional controls, such as behavioral biometric intelligence. Check and deposit fraud volumes tripled in the last year. As banks have made it more difficult for fraudsters to create new accounts, these bad actors have changed their tactics, devoting more attention to deposit fraud on existing accounts.

BioCatch saw 23% of unauthorized fraud take place on trusted devices, based on the user profiles available. In other words, the device had previously been used over a long enough period of time to be classified as “trusted.” This could raise doubts about whether such a case is actually unauthorized fraud or a potential scam. If it is unauthorized, a plausible explanation might be the “patient fraudster” modus operandi, whereby the bad actor gains access to a user account and then waits before transferring away any funds, so that when they do, the transaction appears legitimate.

BioCatch also saw the copying and pasting of login credentials in nearly 30% of all fraud cases and in less than 1% of legitimate banking sessions. Nearly a quarter of all unauthorized fraud in North America takes place on trusted devices.

“More than half of those surveyed said they’d lost trust in people and suffered emotional stress after falling victim to a scam,” Javelin Strategy & Research Senior Analyst Suzanne Sando said. “Nearly one in five victims said their loss disrupted their family life. As these scams grow more prevalent and sophisticated, a data-driven approach that combines historical account data as well as behavioral and device intelligence is critical to stopping scams in real-time and saving victims and banks from significant losses.”
