Protecting your business against cyberfraud: A beginner’s guide to fraudster profiles

13 July 2021
If, like me, you start your workday by reading financial news, you’ve probably noticed that several industries have seen a boom post-pandemic. This includes software and digital platforms—such as remote working and e-learning tools—as well as pharmaceuticals and logistics. It’s not surprising, seeing as we’re all working from home, worrying about our health and ordering everything from cooking utensils to bicycles online. 
 
But while the health crisis has been devastating for many industries and enabled others to pivot or grow, it has also ushered in a marked increase in fraud and cybersecurity threats. Furthermore, as a specialist in cyber and business fraud, I’ve noticed a substantial target shift from individuals and small businesses to larger corporations and government entities. Why? Because fraudsters are highly opportunistic, and the pandemic has provided myriad opportunities for them to make money from these ‘high return’ targets.
 

Just a few years ago, corporate fraud losses were usually seen as a standard operational cost. Now, for many corporations, it’s become a board-level issue, and with good reason: hundreds of millions are lost each year due to fraud. Sudden spikes in demand for certain goods—combined with short supply—have prompted fraudsters to pose as suppliers, enticing businesses with deals for these scarce and urgently needed items. The result: situations where companies pay for large orders of products such as microchips or certain metals and never receive them.

The social climate of anxiety, fear and panic make businesses and the people within them more likely to make irrational decisions in the heat of the moment. Fraudsters are well aware of this heightened susceptibility. They have become more innovative and sophisticated in response to this climate of opportunity, particularly towards large companies.

 

It’s essential that businesses protect themselves from these threats, but the types of business fraud protection and insurance policies  out there can be overwhelming. This makes it very important to understand the different types of business fraud out there. That way, businesses can sign up for the appropriate type of insurance and avoid spending on costly protection that is irrelevant. 

There are three main fraudster types that concern businesses today:

 
These are usually young actors working autonomously or in small teams, who use their programming expertise to break into companies’ systems. These hackers often use the dark web to browse and communicate anonymously, setting up alternative trading industries and even recruiting or training new hackers. Their victims’ data is used for the purposes of theft, fraud, corporate espionage, a personal challenge or just old-fashioned malice.
 

Another distinct group is large criminal organisations or ransomware groups that commit fraud to finance their activities. In a ransomware scheme, criminals take control of their victims’ software system and threaten to publish their data or block access until a given sum of money is paid. They may create layers of distance between themselves and their victims by employing money mules—people who transfer or move illegally acquired money on their behalf. 

 
These actors come from within an organisation, committing ‘inside jobs.’ Typically, these are mature and experienced professionals who are willing to commit occasional fraud against their employer. They are compelled by the fraud triangle: pressure, opportunity, and rationalisation. Their motivation is usually some sort of financial trouble, they tend to be in a position where they have easy access to the company’s digital assets, and they often justify their crime in some way. For example, they perceive the employer has sufficient wealth to skim some of it for themselves. 
 

While cyberfraud has become rampant and exponentially more sophisticated, the targets—businesses, governments, and other institutions—often lack innovative methods of prevention. This makes cyber and business fraud  insurance one of the most important lines of defence for corporations today. 

When looking for the right type of cover, companies should make sure that their insurer has a comprehensive understanding of all the types of fraud out there, and of the specific risks to the business. The goal is to keep a company protected without incurring unnecessary costs on the wrong types of insurance. That way, it can focus on doing business boldly and with peace of mind. 

Jean-Pierre Fekenne

Cyber & Fraud Business Manager, Euler Hermes Belgium