News
Comment: UK Finance has found that ‘romance fraud has been on the rise during lockdown
February 2021 by Simon Mullis, Technical Director EMEA, Tanium
In relation to this news story from today, a report from UK Finance has found that ‘romance fraud has been on the rise during lockdown.’ More specifically, there was a 20% increase in bank transfer fraud linked to romance scams in 2020 compared to 2019. And £68m was lost to such scams in 2020, said the UK’s Action Fraud - another increase on the previous year.
As a result, Simon Mullis, Technical Director EMEA at Global Cybersecurity firm Tanium, has provided the below comment, warning people to be vigilant ahead of Valentine’s Day, with this increase seen in scamming someone out of money through pretending to have relationship interests.
Simon Mullis, Technical Director EMEA, Tanium:
“Attackers always look to latch on to what topics and events people are currently interested in and run with them as a theme for their phishing campaigns. When the pandemic hit we saw an initial drop in phishing emails, but attackers quickly adapted their messages to fit with our new reality and started ramping up new campaigns. We expect these actors will tailor their approach around Valentine’s Day this year, using phishing lures that are likely to be focused around romantic evenings at home rather than an offer for a discounted evening out for example.
Even though phishing emails related to Valentine’s Day have been seen for a number of years, we have seen these types of campaigns get more and more sophisticated and believable in recent months and the huge volume of them means that there are always a small percentage of people who click the malicious links. One potential cause of this is that individuals generally have a high degree of confidence in the phishing identification tools that are now used by most email providers. Users expect dangerous emails to be caught by anti-spam filters and automatically moved to their junk folder, but this isn’t always the case. Another problem is that in some cases marketing emails are becoming indistinguishable from phishing emails in terms of the design and initial appearance of the links that are included. These emails can ask recipients to do things that go against security best practice like clicking on links directly from an email.
To avoid falling victim, individuals should remember to hover over URLs to check authenticity and manually type in trusted web addresses where possible. As Valentine’s Day scams are likely to target personal email accounts, businesses should ensure they have visibility of what devices are being connected to a corporate network by staff. This can be a costly blind spot for organisations, but if they’re able to detect any successful phishing attack’s entry point and see how much of a system has been affected, quick action can be taken to fix the issue. The fact is, huge numbers of people are working from home and some malware families allow the bad guys to jump from host to host in the same network, which means that even personal computers in a shared home network could pose a threat to and be a "way in" to corporate assets.”
