In a recent post on its official blog, Israel-based behavioral biometrics company BioCatch puts the spotlight on the growing popularity of remote access scams in today’s cybercrime landscape and highlights ways of guarding against them.
The post, titled “5 Questions to Understanding Remote Access Scams” and authored by cybersecurity veteran Tim Dalgleish, defines remote access scams as “a unique scenario where victims are socially engineered to provide remote access to their computer via a legitimate remote access tool such as TeamViewer, LogMeIn, Go-To-Meeting, or a similar remote desktop software.” Once the permission has been granted, writes Dalgleish, the scammer is then able to steal personal and financial information which they can later use to defraud their target victim.
Dalgleish attributes the rise in the number of remote access attacks to the COVID-19 pandemic, noting that criminals are taking advantage of the dramatic rise in remote activity and online work to target digital accounts. More than 82 percent of victims are over the age of 65, and more than 70 percent of these attacks take place via phone call.
He notes that though all victims experience an emotional impact, the material consequences of such scams can range from “a few thousand dollars to someone’s entire life savings”, with total losses in Australia alone amounting to tens of millions of dollars per year and rising.
Turning to the detection of, and protection from, remote access scams, Dalgleish points out that as the attacks grow more sophisticated, so too must the tools used to address them. In that regard, he recommends non-static methods of fraud detection, specifically behavioral biometrics-based systems.
“Using behavioral biometrics, banks are able to protect customers after login and by detecting unusual behaviors that are indicative of RAT activity or social engineering,” writes Dalgleish. “When a user accesses their online banking site, BioCatch monitors a user’s actual behavior and compares it to their historical profile.”
By doing this, BioCatch is able to weed out anomalies in a user’s behavioral characteristics (i.e., their behavioral biometrics signature) that indicate fraud activity as it occurs. According to the author, analysis of remote access scams has shown that it takes a scammer significantly longer to perform actions like clicking on a ‘Submit’ button, and other actions that are typically simple for a ‘real’ user.