Internet Organized Crime Threat Assessment (IOCTA) 2020 – important for Financial crime specialists

The data collection for the IOCTA 2020 took place during the lockdown implemented as a result of the COVID-19 pandemic. Indeed, the pandemic prompted significant change and criminal innovation in the area of cybercrime.

The study analysis the most common types of cybercrime including criminal abuse of dark web, payment fraud and child sexual exploitation online.

The most common cybercrimes to financial sector and its users are payment fraud which might be presented in various types.

SIM swapping is a key trend that allows perpetrators to take over accounts and has demonstrated a steep rise over the last year. SIM swapping is a type of account takeover and refers to the circumvention of SMS-based 2FA to access sensitive user accounts.

Similar to SIM swapping, SMishing has seen an increase over the past twelve months. SMishing refers to the sending of fraudulent text messages purporting to be from trusted senders, typically targeting financial institutions and their customers.

Business email concern (BEC) remains area of concern as it has increased, grown in sophistication, and become more targeted. BEC is a sophisticated scam targeting businesses and  organisations, whereby criminals employ social engineering techniques to gain access to an employee’s or executive’s email account to initiate bank transfers under fraudulent conditions, i.e. by pretending to be the CEO and asking the employee to carry out a payment. In many cases, BEC is carried out through a compromise of email accounts hosted by Office 365, access to which is typically gained through credential phishing in advance to the fraud. This is often possible due to limited security measures, such as a lack of 2FA; as well as a lack of awareness regarding spear phishing attempts.

Many law enforcement agencies and financial services identified online investment fraud as one of the fastest-growing crimes of the past twelve months. Online investment fraud refers to a fraud type whereby criminals aim to lure their victims into transferring them money with appealing get-rich-quick schemes. Offering commodities such as cryptocurrencies, diamonds, or gold, criminals promise victims extraordinary financial returns on their investments, while criminals keep victims engaged through websites showing fake investment returns.

Card-not-present fraud. Carding refers to the use of stolen card data to purchase goods or services. While carding has increased, criminals have moved away from targeting the airline industry towards the accommodation and rental sectors. Criminals take the stolen card details from dark web marketplaces (such as the Joker’s Stash51), which make it increasingly easy to obtain stolen credentials from specific forums.

Logical attacks on ATMs and POS devices remain a threat and have increased across most Member States. Among these, especially black-box attacks have proven popular, as organized criminal groups successfully manage to extract large amounts of cash in short periods of time.


Tips for business What employees shall do
–        Establish corporate policies and procedures

–        Secure corporate communications

–        Secure teleworking equipment

–        Provide secure remote access

–        Keep device operating systems and apps updated

–        Increase security monitoring

–        Regularly check in with staff

–        Raise staff awareness about the risks of teleworking

–        Access company data with corporate equipment

–        Use secure remote access

–        Keep business and leisure apart

–        Avoid giving out personal information

–        Think before connecting

–        Protect teleworking equipment and environment

–        Report suspicious activity

–        Develop new routines

–        Be careful when using private devices for telework

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances

Newsletter SubscriptionGet in touch