Authentication fraud can occur when fraudsters take advantage of legitimate owners who conduct a digital financial activity, such as through a mobile phone app, mobile browser or PC internet browser, to:
- Open a bank account or credit card through mobile or online banking.
- Enroll a bank account or credit card with a third-party payment provider or proprietary merchant contactless mobile or digital wallet.
- Enroll in a person-to-person (P2P) payment service or initiate a P2P funds transfer.
- Initiate a payment transaction from a digital wallet.
In a remote access scam, the fraudster contacts the victim, often by phone, malicious web site, or a pop-up ad, and claims to be an employee of a legitimate company such as a computer software or security company, a cable/internet company, or a large online retailer, like Amazon. The fraudster asks the victim to initiate remote access or download an app to his/her computer, phone, or tablet in order to help resolve a fake technical or billing issue.
With control of the victim’s device, the fraudster can access files containing financial accounts, passwords, or personal data, or install viruses or malware that could also compromise sensitive information. Many victims of online bank account takeovers report they had recently allowed someone to log into their computer, phone, or tablet through remote access. When a fraudster takes over someone’s online bank account, it can lead to the theft of the victim’s money through various means, including wire fraud, peer-to-peer (P2P) payment fraud, and ACH fraud
Once the phony tech support company or representative makes verbal contact with the victim, the subject tries to convince the victim to provide remote access to their device. Once the subject has control, additional criminal activity occurs. For example: The subject takes control of the victim’s device and/or bank account, and will not release control until the victim pays a ransom.