Fraudsters’ working patterns have changed in recent years

Less sophisticated fraud — in which doctored identity documents are readily spotted — has jumped 37% in 2022, according to Onfido. Fraudsters can scale these attacks on an organization’s systems around the clock.

It is estimated that the current global financial cost of fraud is $5.38 trillion (£4.37 trillion), which is 6.4% of the world’s GDP. With most fraud now happening online (80% of reported fraud is cyber-enabled), Onfido’s Identity Fraud Report uncovers patterns of fraudster behavior, attack techniques, and emerging tactics.

Hyperconnectivity extends fraudsters’ ‘business hours’

Over the last four years, fraudsters’ working patterns have dramatically changed. In 2019, attacks mirrored a typical working week, peaking Monday to Friday and dropping off during the weekends. Yet over the last three years, fraudulent activity started to shift so that levels of fraud span every day of the week.

In 2022, fraud levels were consistent across 24 hours, seven days a week. With technology, fraudsters are more connected across the globe and are able to traverse regions and time zones, and can easily take advantage of businesses’ closed hours when staff are likely offline. This hyperconnectivity means there are no more ‘business hours’ for fraudsters and sophisticated fraud rings — they will scam and defraud 24/7.

“As criminals look to take advantage of digitization processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cybercrime are now invariably linked,” said Malik Alibegovic, Forensic Analyst at Interpol. “A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”

The fourth edition of Onfido’s annual Identity Fraud Report also revealed:

Increasing number of fraud rings uncovered through repeat fraud: Fraud rings are making thousands of variations of the same document by tweaking minor details each time in an attempt to create thousands of fake accounts. Using Onfido’s Repeat Attempts, one company identified 300 documents submitted with the same document number combined with slightly different attributes over a three month period.

Fraudsters deterred by biometric verification: 83% fewer attacks occurred on biometrics compared to documents, suggesting fraudsters focus their attacks on documents when attempting to bypass onboarding defenses and abandon attempts when confronted by biometric verification.

Gaming is one of the most attacked industries: Gaming fraud increased 4X over the past 12 months, making it one of the most attacked industries ahead of healthcare, finance and professional services.

85% of all fraud is estimated to be linked to synthetic identity fraud – where a fake ID is created by combining real personal information bought from the Dark Web with fabricated personal information. Onfido’s Identity Fraud Report reveals that synthetic IDs are more likely to be of men than women, and fraudsters are opting to use fictional names. For example, one of the names frequently used for fraud was Edward Cullen, the lead character from the series, Twilight.

Most commonly used phones fraudsters use come from lower cost brands like Symphony (Indian), Gionne (Chinese), and lava (Indian), presumably to use as burner phones, specifically for the purpose of conducting fraud.

“Less sophisticated fraud jumped 23% this year to 72.9%, pointing to fraud becoming a matter of quantity over quality as fraudsters are opting to attack systems en masse. Fraudsters can produce low-quality fake documents in the thousands, launch an attack, and hope one slips through a business’s defenses,” said Simon Horswell, Fraud Specialist at Onfido. “The flood of attacks can distract businesses from the rarer but more sophisticated fraud. This is why automating fraud detection to prevent ‘less sophisticated’ fraud from slipping through is key, so businesses can protect themselves at scale while focusing key resources on more advanced attacks.”