Data from the Federal Trade Commission (FTC) reveals total fraud losses of $5.9 billion in the United States in 2021.
5.7 million reports of fraud were made to the FTC in 2021, with 25% of those reporting a loss. The most common types of fraud reported to the FTC in 2021 were:
- Identity theft
- Imposter scams
- Credit bureaus, information furnishers and report users
Why fraud increased in 2021
These figures represent an increase of more than 70% in fraud losses compared to 2020. Factors contributing to the increase in fraud are varied, according to security leaders.
"One of the most notable factors is remote work — many businesses are finding remote (or hybrid) work to be the new, permanent normal. While working from home has kept businesses operating as usual, it also opened the door to new cybercriminal activity," said Hari Ravichandran, Founder and CEO of Aura.
"Hackers and scammers use everything from classic email phishing scams to advanced cross-site scripting (XSS) to steal sensitive information, sometimes posing to be an enterprise or a legitimate communication from an employer. Once the attacker is in and has stolen credentials, they can commit individual identity fraud or even hold company data or systems hostage," Ravichandran continued.
The rise in ecommerce could also be a contributing factor, according to Gergő Varga, Tech Evangelist at SEON. "Digitalization accelerated, but the necessary security rails weren't always in place. That means that many services that migrated online are now playing catch-up, but the problem might become worse, as the fraudsters are now ahead. With the rise of phishing kits and mass phishing attacks masquerading as legitimate services to trick unsuspecting consumers, we already see this."
Strategies to combat fraud on an enterprise level
In a rapidly transforming digital world, enterprise security leaders looking to combat fraud may focus on access control and data loss prevention.
Varga recommends a people-centric approach to fraud prevention. According to him, security leaders should "look into proper security training for your staff as social engineering attacks are on the rise through all channels. Your employees are prime targets because of their access privilege to sensitive data — a goldmine for cybercriminals. It might be worth investing in internal security — access control, two-factor authentication (2FA) — to mitigate these kinds of threats just in case. We know that humans are traditionally the weakest links in terms of security, so you have to prepare in advance for worst-case scenarios."
In addition to security awareness training, enterprise organizations can invest in fraud protection to secure their employees. "Enterprise security leaders must realize the importance of protecting employees online no matter their location or device," said Ravichandran.
"Leaders can protect their employees by investing in identity theft [protection] as an employee benefit. While employer-paid services like this can come with some cost to organizations, they prompt employees to become more engaged with the digital safety of themselves and the enterprise."