The traditional “January cost”, marked by an increase in payments, online purchases and financing requests, has become a particularly attractive scenario for cybercriminals. This context favors different types of financial fraud, which intensify when consumers and companies handle a greater volume of transactions. However, far from being limited to seasonal campaigns, experts warn that financial fraud has become professionalized and operates constantly throughout the year, with increasingly sophisticated and automated techniques thanks to artificial intelligence.

The warning comes from Trend Micro, a leading cybersecurity company, which points out that attacks linked to financial fraud no longer rely solely on mass emails with obvious errors, but on highly personalized scams designed to deceive both consumers and, especially, company employees. “Cybercriminals have understood that attacking organizations is much more profitable than doing so individually,” explains David Sancho, senior security researcher at the company, referring to the rise of corporate financial fraud.

Sale of credentials in clandestine markets

In the consumer sphere, classic banking scams still exist, but they are becoming less and less effective due to the verification and reinforced authentication systems of financial institutions. This has caused criminals to divert their attention to other forms of financial fraud, such as the theft of accounts for everyday services – delivery platforms, e-commerce, social networks or email. The goal is not always to make large charges, but rather small recurring transactions or the sale of credentials in underground markets, where an account with saved payment methods can have a high value within the financial fraud ecosystem.

“A compromised email account is especially dangerous, because it allows the attacker to take control of the rest of the associated services and, in practice, steal the victim’s entire digital identity,” warns Sancho, underlining the indirect impact that this type of financial fraud can have.

However, the greatest growth is occurring in financial fraud targeting companies. Among the most common techniques are emails that include malicious QR codes or links to supposed documents in the cloud. By scanning the code or accessing the file from their mobile phone, the employee is left outside the usual protection systems and may end up entering their corporate credentials on fake pages that imitate services such as Microsoft 365 or virtual private networks (VPN), thus facilitating new financial fraud operations.

Identity theft

Added to this type of attack is the use of artificial intelligence for identity theft through audio, video or even fake video conferences, one of the most advanced forms of financial fraud. “We are seeing cases in which the voice or image of managers is recreated to order urgent transfers to the financial department. Frauds of tens of millions of euros have already occurred using this method,” says the Trend Micro expert.

The company also warns of a particularly worrying trend: the automation of hyper-personalized attacks linked to financial fraud. Thanks to AI, criminals can analyze public profiles on social networks or LinkedIn, identify interests, roles and responsibilities, and generate fake emails and web pages designed specifically for each victim, all on a large scale and with minimal effort.

“Before, customizing an attack required time and resources. Now, artificial intelligence allows us to do it automatically, quickly and with a very high level of credibility. This greatly expands the number of people and companies exposed to financial fraud,” explains David Sancho.

Economic and reputational damage

The consequences of financial fraud for organizations go far beyond the immediate economic impact. Added to the financial losses are reputational damage, loss of trust on the part of customers and suppliers and, in the most serious cases, operational interruptions caused by ransomware or massive theft of sensitive data, often linked to complex financial fraud schemes.

In this scenario, Trend Micro highlights the importance of reinforcing security measures against financial fraud, such as multi-factor authentication, mobile device protection and continuous employee training, as well as the adoption of solutions capable of detecting not only the appearance of a message, but also its malicious intent. “The challenge is no longer identifying if content has been generated by artificial intelligence, but rather detecting if someone is trying to manipulate or deceive us for the purposes of financial fraud,” concludes Sancho.