Persistent vulnerability to fraud

Written by Vanessa Wilson

Regardless of training, awareness campaigns and phishing simulations, people are a limiting factor in your ability to control fraud. Being a risk management professional, I speak to my kids often about how to spot signs of a scam (typical preventive controls). "Nothing is free in this world", I keep telling my kids as they explore cyberspace.

Never-the-less, my daughter has fallen prey to scams involving virtual gaming currency and goods, despite her due diligence. 

An offer too good to resist: a third-party ‘secure’ platform facilitating virtual goods trades (in this case virtual pets) outside of the game platform. The first scam my daughter experienced involved trades within the game platform. So, this second offer seemed like a legitimate way to avoid in-game trades where scammers disappeared from the game on receipt of the goods.

The bait: the offer came from a video channel, which referred to a third-party website claiming to provide a safe platform for trading virtual pets. Eager to get more ‘exclusive’ pets, my daughter researched the website and found reviews suggesting it was reliable. She created an account on the third-party website and posted her trades. Before the trade could occur, she had to 'like and subscribe' to the video channel. Nothing out of the ordinary there.

The scam: shortly after, my daughter shrieked (not a planned detective control!) and then cried for a good while. She had lost every virtual pet she had offered for trade. After the 'like and subscribe' step, a link to ‘join’ the channel creator on the game platform was offered. And with a click of that button, the pets were stolen.

The aftermath: in an effort to correct the event, I took a screenshot of the fraudster's profile and lodged a complaint with the game platform. Maybe we won't see the re-instatement of any virtual pet ownership, but we can try to help prevent the scam for the next family.

The tactics that continue to deceive my daughter are the same ones that fuel more sophisticated forms of fraud: identifying vulnerabilities, building rapport, offering something of high value, and impressing a sense of urgency. My daughter was aware of the dangers, from my constant reminders and from prior encounters. Yet, the fraudsters were able to gain her trust.

Inevitably, there will be people in every organisation that will click the link. Too busy to read the email properly, sophisticated social engineering, or an offer too good to pass up, online fraud is all too common. While preventive controls might not guarantee safety, detective and corrective controls can help you to act quickly and minimise the tears.

Talk to us about:

-          Fraud risk assessment

-          Insider threat assessment

-          Fraud control assessment.

Photo credit: AI by Wix