A new report from Outseer has identified more than 56,000 payments fraud attacks worldwide in Q3 2021, which is up 14% from the previous quarter and marks a 29% year-over-year increase compared to Q3 2020.
Brand abuse attacks, where scammers purport to be reputable and recognisable companies, are surging: they grew 274% year-over-year in Q3 2021 to account for 45% of all attacks the team identified for their report.
But the most interesting elements of the year-end summary are the top trends that payments fraud researchers predicted would grow and thrive across 2022. Small businesses, and anyone else who uses digital payments, should know what they are and how to spot them. Here's our rundown.
Trend 1: 'Buy Now Pay Later' Fraud
Buy Now Pay Later (BNPL) services let consumers get a pricey product on an installment plan, so they can acquire something by essentially borrowing some of the money they'll earn in the near future.
We've covered the rise of these services in the past, noting when Square bought one such service, Afterpay, for $29 billion last August, and when Adobe released a survey finding that BNPL service use rose 215% year-over-year in the first few months of 2021.
Scammers are harvesting users' credentials to purchase items in the victims' names:
“Cybercriminals increasingly leverage stolen login credentials to infiltrate BNPL-enabled accounts and make illicit purchases at their victims' expense,” the Outseer Fraud & Payments Report says. “They're also exploiting the BNPL account enrollment process to defraud merchants and other organizations.”
It makes sense: All that rapid growth is a beacon for scammers who want to victimize someone who isn't quite sure how a new technology works.
Trend 2: Deepfaking
Deepfakes aren't just faked video footage of a surprisingly spry Tom Cruise: They can be audio, too. With the right audio synthesis technology, phishing scammers can forge the voice of a middle manager's boss.
This isn't theoretical, either: just recently, scammers used “forged emails and deepfake phone messages” to impersonate a corporate CEO and trick a branch manager into wiring them $35 million. While this may seem like the plot of a far-fetched movie, it's surprisingly easy to do for those in the know, and it circumvents a lot of existing security measures.
As any scammer will tell you, the weakest link in any system is a human one. Outseer recommends more complex corporate training to detect modern scams.
Trend 3: QR Code Fraud
Given the pandemic we're dealing with, more and more customers are trying to stay contactless when possible. That means the return of the QR code, a square-shaped barcode that can send users to any specific URL when scanned by their phone. 60% of consumers would pick a business with contactless payment options over one without, surveys show.
But visiting a random URL is a well-known way to wind up downloading malware, and there's nothing stopping a bad actor from sticking their own QR code on top of an official one at a checkout counter.
Small businesses in particular should be wary of QR codes. While they're likely not high-profile enough for a complex deepfaking scam, smaller operations could fall victim to a simple sticker slapped on a wall with their brand name and a malicious QR code.
Whether you're building an ecommerce website or picking an in-person POS checkout system, you'll want to either stay away from payments based entirely on QR codes, or invest in secure systems that employ extra verification methods like facial recognition behind the scenes.