NThere has been a 108 per cent increase in reported voice scam cases year-over-year across the Asia–Pacific (APAC) region, according to a report by BioCatch, a fraud prevention organisation. The report finds that mobile malware is the main threat to banks in Southeast Asia and is most commonly used to harvest data to execute fraud without alerting the victim, or to extort funds. APAC region witnessed a 17 per cent increase in mobile fraud last year which now accounts for as much as 70 per cent of all digital fraud in the area.
The report titled ‘Digital Banking Fraud Trends in APAC’ finds that account takeover via phishing and malware has been one of the most prominent methods of banking fraud in India. Additionally, the report states that mule accounts, impersonation-based fraud, and investment and part-time jobs scams have also emerged as the top concerns regarding banking scams.
Criminals use mule accounts as intermediate stops between the victim’s bank account and the final account from which they plan to withdraw their stolen money, often transferring the funds through a sprawling network of mule accounts at various banks in various countries to launder the money they have taken. “Detecting existing mule accounts is becoming one of the main priorities for banks, as well as establishing processes to proactively prevent them,” the fraud prevention agency states.
The laundering or phishing networks recruit mules for scams through job advertisements, social media posts, and phishing emails, often targeting vulnerable or financially distressed individuals who have access to corporate bank accounts with high transaction limits.
Banking Fraud Snapshot (India)
Account takeover via phishing and malware
Mule accounts
Impersonation scams
Investment & part-time job scams
The report finds that while some countries in the region saw their social engineering scam losses decline, the volume of sessions that exhibit scam behaviours more than doubled (108 per cent increase) in the last year. Here’s a look at banking fraud in other APAC countries/regions:
Singapore
Singapore, the report states, saw an explosion in its volume of scam cases, in spite of additional controls. It saw a rise in scams via WhatsApp and Telegram, including impersonation (friends), investment, and eCommerce (fake purchases).
Other major concerns were:
Job scams leading to money mules
Compromised Singpass leading to mule accounts and retirement fund (CPF) fraud
Australia/New Zealand
Australia saw 5 per cent fewer fraud cases involving attack tools (RAT, malware, etc.) in 2023 than it did in 2022, the report states. Still, the top scams across the country over the past year were related to the following:
Mobile malware
Social engineering scams (investment, romance, purchase, and impersonation)
Mule accounts
Phishing (credit cards)
Southeast Asia (SA region)
The Southeast Asian region comprises eleven countries namely, Brunei, Burma (Myanmar), Cambodia, Timor-Leste, Indonesia, Laos, Malaysia, the Philippines, Singapore, Thailand and Vietnam. These countries saw a surge in phishing attacks and app-based frauds such as the following:
Money siphoning apps (malware)
Illegal Pinjol loan apps
Social media scams
Malicious QR code payments
Hong Kong
Hong Kong also witnessed a surge in social engineering scams related to investment, romance, purchase, and impersonation which were majorly done with the use of AI voice and face. Like other APAC regions, it continued to grapple with mule accounts, mobile malware via accessibility services and QR code payment frauds.
The report suggests that there has been a surge of ‘Android apps as a means to scam people in the APAC region. While advanced mobile-device-mining programs like Vultur and SMSSpy are nothing new in APAC, malware developers continue to improve the capabilities of their software to circumvent bank controls.
It finds that scammers are also creating illegal online lending apps called “pinjol”. These apps are available on Google Play and are used to lure victims with promises of a quick and painless online loan.
