How to deal with friendly fraud and social engineering

Maxim Kuzin Apr 21, 2021 10:04:53 AM

Banks and e-commerce companies around the world have to deal with an increasing amount of fraud. Prevention and detection are crucial to minimise fraud damage. In this article, you’ll find strategies and tools for two widespread types of fraud: Friendly Fraud and Social Engineering.

What’s what - Friendly Fraud and Social Engineering

Both forms of fraud we’ll discuss involve tricking people, whether as private individuals or as employees of a company.

  • Social engineering mostly involves stories that are almost ‘too good to be true’ or just the opposite: threatening enough to scare people into doing things. This kind of fraud aims to manipulate people into giving up confidential information, from passwords to bank information. Sometimes malware is installed on a victim’s computer so that the fraudster can retrieve the personal information there.
  • Friendly fraud is a type of fraud where a process is corrupted. Here, people buy a product online but ask for a bank chargeback after the goods or services have been delivered. For this kind of fraud, which is also called ‘chargeback fraud’, the authorised cardholder disputes legitimate charges.

How big is the problem of social engineering?

Social engineering is found everywhere in the digital world; neither long distances nor national borders will stop it. The extent of the operations is impressive. 

One of the best examples of this is Interpol’s Operation First Light, during which 33 call centres based in Asia were raided. Over 1,000 people were arrested, suspected of coordinating phone scams worldwide. The fraudsters pretended to be public officials or talked their victims into saving their relatives from life-threatening diseases or disasters. Thousands of people were deceived, and assets worth $3,47M were seized.

But these substantial social engineering schemes do not only occur in Asia. Europol, Interpol and NCB uncovered a Business Email Compromise (BEC) scheme in Budapest worth $8.6 Million. Here, the fraudsters tricked employees into transferring money to criminal bank accounts.

Also, the Interpol Orange Notice warns against the falsification, theft and illegal advertising of fake COVID-19 and flu vaccines. The amount and extent of the fraud schemes are impressive as well. Almost 1 million COVID-related spam messages were detected in the first quarter of 2020 and 48,000 malicious URLs.

These are just a few of many examples of large-scale, cross-border social engineering fraud schemes.

How big is the problem of friendly fraud?

The number of digital purchases has increased significantly due to COVID-19. Shops closed or had limitations for visitors, so people embraced digital shopping. The number of friendly fraud cases has risen as well. The FBI sees friendly fraud as one of the top 3 threats for e-commerce, mainly because this is one of the most common and costly fraud schemes. Especially in busy times, friendly fraud is hard to detect. The cardholder claims that the product never came or that it was not them who authorised the purchase. For the merchant, a product is lost, and a chargeback fee has to be paid as well. 

Another worry about friendly fraud is that it might increase due to the financial hardship many people face worldwide; this might blur moral lines. 

Can social engineering and friendly fraud be prevented?

The damages caused by social engineering and friendly fraud are massive, and this is a global problem. But there are ways to prevent these fraud schemes. 

The key is to implement programs for customer and business identification and authentication. Before legal entities start a relationship, it is crucial to know your customer (KYC) and know your business (KYB). The due diligence procedures can be as extensive as you want or need: from screening and identity verifications to in-depth analysis of the risks a business relationship can pose to an organisation.

But prevention doesn’t stop at getting to know the persons and companies you are dealing with; this is just the beginning. Once a customer is accepted, the risk (or risks) has to be managed. Financial and reputational damage can still occur. Make sure you have ongoing due diligence, or ODD. Although this process is complex and may be time-consuming, it will be profitable, especially when part of the process is automated with the help of artificial intelligence (AI), machine learning (ML), device fingerprinting, biometrics or other innovative solutions.

In our recent guide on fraud prevention, we share more on the profile of the new fraudster, techniques applied and ways financial institutions can better protect their customers and organisation.