Cybercrime has undoubtedly risen during the Covid-19 pandemic, but the risk of attack has not been equally spread across society.
From a corporate perspective, larger organizations are more at risk than smaller firms, as the gains from successful attacks are so much greater.
The latest Cybercrime Report from LexisNexis Risk Solutions highlights that there is a similar divergence from an individual perspective too. It reveals that the people most vulnerable to cybercrime tend to be adults over 75 and younger adults.
The report analyzes all cybercrime activity from July 2020 to December 2020, and reveals the unprecedented growth in criminal activity across the world.
Criminals were taking advantage not only of the uncertainty caused by the pandemic but also the flood of new users to digital channels, who were especially susceptible to attack.
Much of the rise in cybercrime was driven by considerable growth in global transaction volume, which rose by 29% compared to the back half of 2019. This was driven primarily by e-commerce and financial services, with these sectors also most vulnerable to attack.
Interestingly, there was a clear shift in the nature of the attack, with human-initiated attacks falling by around 180 million during 2020.
This was compensated by growth in bot-initiated attacks by around 100 million. The e-commerce sector was a particular recipient of this new wave of bot attacks, with mobile payment systems a particular target as the pandemic prompted a surge in contactless payment.
While it’s common for the surge in remote working to be attributed with the rise in cybercrime, the authors believe a more likely culprit is growth in the number of stolen identities on the black market. They suggest that fraudsters had been testing the value of these lists, with a number of large-scale and high-velocity attacks detected from the same location. These automated attacks were typically aimed at e-commerce platforms.
Once the stolen credentials have been tested, they can then be utilized on more valuable attacks, such as account takeovers, which can target a wider range of industries and especially financial institutions. The authors argue that the surge in bot-based attacks is likely to have laid the ground for a surge in human-led attacks in the year ahead as human hackers seek to capitalize on fully tested credentials.
The authors believe that the particular vulnerability of young and old adults is largely due to the surge of new customers going online during 2020. It’s easy to assume that young adults are tech-savvy and therefore relatively immune from attacks, but they often have a false sense of their capabilities and therefore tend to be more relaxed, especially in terms of their willingness to share personal information.
“While millennials and zillennials are most susceptible to fraud attacks, the average fraud loss per customer increases progressively with age, likely influenced by larger disposable incomes later in life,” the authors explain.
“The paradox of why fraudsters choose to target the younger age group in proportionally higher volumes can perhaps be answered by the fact that higher success rates can offset the lower monetary gains.”
The older demographic, by contrast, are much less familiar with the latest technologies, and it’s their lack of familiarity which raises their own susceptibility to the various scams and phishing attacks that criminals will target them with. Just as predators in the animal kingdom will target the weakest in the pack, so will criminals look for the easiest potential targets.
“The over 75 age group, sometimes referred to as the silent generation, generally has less familiarity with the latest digital technologies and may therefore be more susceptible to scams and phishing attempts,” the authors say.
Interestingly, whereas the dominant image of cybercriminals is of attackers striking from China or Russia, the report found that the largest volume of attacks actually originated from the United States, with Germany, Canada, and the United Kingdom also popular locations for cybercrime.
There was, however, strong growth in attacks from smaller nations, with Bahrain and Zimbabwe seeing significant growth in human-led attacks, and the United Arab Emirates and Isle of Man seeing strong growth in bot-led attacks.
Ultimately, with more and more of us going online for a large part of our lives, it’s vital that organizations not only strive to ensure customers are safe and secure, but to make extra effort to ensure that the most vulnerable segments of their customer base are protected from attacks.
“Protection of the older, and potentially more vulnerable population, is critical for organizations that are prioritizing a digital-first strategy,” the authors conclude. “Businesses must educate customers as to the modus operandi of fraud attacks, while ensuring that the online customer journey protects against attacks, with relevant and timely online messaging as appropriate.”