Skip to Main Content Increase Contrast Accessibility Help
cybercrime 2023 vector

Cybercrime tactics to watch out for in 2023

Latest News

Cybercrime tactics to watch out for in 2023

Published: January 30, 2023

The threat of cybercrime is as prevalent as ever, so it’s vital that businesses in 2023 continue to be aware of the dangers.

At Unity Trust Bank, we take online security very seriously and want to make sure that our customers are familiar with the latest cybercrime tactics that are being used, so they can avoid falling prey to malicious criminals.

James Dockerill, Unity’s Financial Crime Operations Lead, reviews the top three threats experienced in 2022. He also looks ahead to the main cybercrime risks to watch out for in 2023.

James Dockerill shares the cybercrime tactics to look out for in 2023

Fraud trends from 2022:

  1. During 2022 we continued to see Authorised Push Payment Fraud (APP) as the most common corporate fraud type. This is where criminals trick people into authorising a payment to the wrong account. To find out the best way you can combat this threat, read our previous blog here https://www.unity.co.uk/blogs/authorised-push-payment-fraud/
  2. The tactics that criminals have used include scam phone calls, text messages and emails, as well as fake websites and social media posts. Their aim is to trick people into handing over personal details and passwords. This information is then used to target victims and convince them to authorise payments. There are subtle red flags that can be spotted to help combat this – for example inspecting the source of any emails (e.g. the address an email is sent from, spelling mistakes and signatures); if the phone number isn’t recognised or if the call is from overseas (e.g. Unity Trust Bank’s call centre is based in the UK) and being mindful that banks like Unity will NEVER ask for passwords and PINS to be divulged.
  3. At Unity, we have noticed that there is an increase in internal fraud, and unfortunately  charities are particularly exposed where they have small finance departments, single authority accounts and few policies and procedures to govern fiscal affairs.

There are ways to combat this type of fraud – for example having robust policies, see: https://www.charityexcellence.co.uk/Home/BlogDetail?Link=Charity_Policies; increasing the security levels for external payments to dual or triple authority (available for all Unity Trust Bank customers) and considering doing more than just having charity accounts independently examined.

Fraud outlook for 2023:

Identity theft

Increased use of social media and open source searches to engineer/impersonate key personnel is a real danger.

Fraudsters use synthetic media to impersonate business profiles and resources on social media to misrepresent employees, execute scams against the company or other victims, or create replica websites to obtain sensitive data.

Driven by these types of soaring cyberattack risks, the identity theft protection market is expected to double in size over the next five years according to research carried out in 2022 by Fortune Business Insights. This is as a result of profiling companies such as Equifax, Experian, Kroll, McAfee and LexisNexis.

As such, everyone should be mindful about the amount of information they share with other people online, especially if this information is publicly accessible:

  • Be careful about the content you post on social media on platforms such as LinkedIn or Facebook;
  • Make sure bank account details are never disclosed, for example justgiving pages or promoted campaigns
  • Limit the level of detail posted on company websites, such as ‘meet the team/corporate profiles’ or on CVs shared online with purported employers or agencies

Cyber security attacks

These will be more common as we move to a more tech-centric and tech-dependent society.

The recommendations are to follow NCSC guidance, have cyber insurance (if feasible) and ensure internet/device security is always on and current: https://www.ncsc.gov.uk/section/advice-guidance/all-topics

SME lending fraud

There has been a nine per cent increase in small and medium sized enterprise (SMEs) lending fraud since 2020.

Synthetic business credentials are created from stolen business and consumer data. They make it challenging for some banks to distinguish authentic loan requests from fraudulent ones

At Unity, we deploy a robust Know Your Customer (KYC) process. We ask security questions and insist on Multi Factor Authentication to help protect customers from this emerging trend.

Fake apps/websites that target bank accounts

In order to keep personal information online secure, many people are advised to use two-factor authentication. This provides an extra level of security when entering sensitive details such as passwords.

Fraudsters are aware of this extra layer of protection, and at the beginning of this year researchers at mobile security firm Pradeo discovered a fake app called ‘2FA Authenticator’ on Google Play, which was downloaded more than 10,000 times before it was removed.

The app disabled system security checks on victims’ devices and secretly installed malware that stole victims’ banking login data. Similarly, fake websites can ‘harvest’ sensitive data such as login credentials and parts of PINS/passwords.

As we roll out our digital banking platform, please ensure that the mobile device you use is ‘clean’. Only use the designated login method/site to access your Unity Trust Bank account.

Spoof calls or texts

A common technique deployed by fraudsters is to imitate or ‘spoof’ banks such as Unity.

Alternatively, scammers will make automated ‘robocalls’ with pre-recorded messages. These invite people to press numbers on the keypad to speak to them about an issue. These are often around a suspicious payment.

Criminal gangs will often have personal details about victims already. They possibly have this information as a result of a cyber attack or from social media. These details make the scam more believable.

Fake texts are also a way of enticing people to click on links that can at first appear legitimate.

Ultimately, fraudsters want personal information, or for victims to send money to a ‘safe account’ controlled by them. Again, be mindful that Unity Trust Bank will NEVER ask for passwords or PINs and our call centre is UK-based.

For more information on how to protect your business against fraud, visit our Customer Hub: https://www.unity.co.uk/customer-hub/