Fraud rings scaling attacks around the clock — Onfido research

The 2023 Identity Fraud Report from Onfido has revealed a rise in scaled, en masse attacks on company networks happening 24/7

According to the study from automated identity verification provider Onfido, ‘less sophisticated’ fraud — referring to fraudulent identity documents that were readily spotted — increased by 37 per cent this year, with multiple attacks of this kind being launched at once, at all hours.

80 per cent of fraud attacks were found to be cyber-enabled, with tech proving as much a curse as a gift through enabling connections between fraudsters across the world, leading to attacks being carried out from different time zones and outside traditional business hours.

This trend demonstrates a shift away from set times of operation on the part of entire fraud rings, with threat actors taking advantage of staff being offline.

It is estimated that the current global financial cost of fraud totals $5.38tn (£4.37 trillion) — 6.4 per cent of the world’s GDP.

>See also: Two-thirds of UK firms targeted by fraud in past two years

“As criminals look to take advantage of digitisation processes, they’re able to commit financial crimes with increasing efficiency and sophistication, to the extent that financial crime and cybercrime are now invariably linked,” said Malik Alibegovic, forensic analyst at Interpol, in the foreword of Onfido’s report.

“A significant amount of financial fraud takes place through digital technologies, and the pandemic has only hastened the emergence of digital money laundering tools and other cyber-enabled financial crimes.”

Speaking on the trend of en masse document fraud, Simon Horswell, fraud specialist at Onfido, commented: “Fraudsters can produce low-quality fake documents in the thousands, launch an attack, and hope one slips through a business’s defences.

“The flood of attacks can distract businesses from the rarer, but more sophisticated fraud. This is why automating fraud detection to prevent ‘less sophisticated’ fraud from slipping through is key, so businesses can protect themselves at scale while focusing key resources on more advanced attacks.”

Synthetic identity fraud

85 per cent of all fraud is estimated to be linked to synthetic identity fraud — where a fake ID is created by combining real personal information bought from the Dark Web with fabricated personal information.

This is often carried out using fictional names, one frequently used for fraud being Edward Cullen, the lead character from the series, Twilight.

Biometric verification

On the flip side, 83 per cent fewer attacks occurred on biometric mechanisms, compared to documents.

This suggests that fraudsters focus attacks on documents when attempting to bypass onboarding defenses, and abandon attempts when confronted by biometric verification.

The 2023 Identity Fraud Report from Onfido analyses data insights from millions of identity verification requests, from the 1st October 2021 to the 1st October 2022.

Related:

Why fraud is getting more sophisticated — Dimitrie Dorgan, senior fraud specialist at Onfido, explores why fraud is getting more sophisticated, and how organisations can prevent it.

What will it take to stop fraud in the metaverse? — Alexey Khitrov, CEO at ID R&D, discusses what metaverse stakeholders will need to consider when it comes to preventing fraud.

Avatar photo

Aaron Hurst

Aaron Hurst is Information Age's senior reporter, providing news and features around the hottest trends across the tech industry.