
I had a fascinating conversation with one of my friends, an expert in fraud detection and prevention. We chatted about trends and new fraud attack vectors, which made me stop and think: fraudsters are getting far too good at playing the long game.
Here's an example - would you come up with such a game plan?
You apply for a job, let's say, through LinkedIn. It looks legitimate. The company page checks out. The recruiter has a credible profile. You upload or send your CV, maybe even answer some "screening questions".
Congratulations, the fraudsters now have your full name, email address, phone number, employment history, and, in some cases, even your home address. That's not just data, that's ammunition.
A few days or maybe even weeks later, you get a call from a "bank". They tell you they're just following up because "the loan you applied for has been approved". Of course, you never applied for a loan with that bank. However, because they reference your personal information, which they obtained from the fake job post, such as your place of work, the industry you're in, and possibly even your financial situation, it suddenly feels plausible.
They don't ask for your password. They don't need to. Instead, they say: "We just need to verify your account number, so we can cancel the loan if it wasn't you."
But the account number they read back isn't yours. And here's the sting: through clever social engineering, they trick you into making a "verification" or a "refundable cancellation fee" payment. They've turned your job hunt into their revenue stream.
I have to admit: it's sophisticated. And it's a sign of where fraud is heading.
Fraud today isn't always about brute-force attacks or phishing emails with bad spelling. It's about exploiting trust, context, and timing. It's about knowing that when you're in a vulnerable moment, such as searching for a new role or anxious about your finances, you're more likely to believe a convincing voice on the other end of the phone.
And the numbers back this up. UK Finance's latest fraud report shows that Authorised Push Payment (APP) fraud, where victims are tricked into sending money to criminals, continues to rise, costing over £459 million in 2023 alone. Account-to-account fraud is increasingly powered by psychology, not technology.
So where do we go from here?
Banks need to double down on proactive customer education, not just after the fact.
Platforms that enable the collection of personal information must recognise that fake job postings aren't just spam, they're fraud pipelines.
Individuals need to adopt the mindset that any unexpected call about money is a potential attack vector.
Fraudsters are innovating faster than ever. Sometimes, I almost want to give them credit for their ingenuity. But then I remember: every "clever" scam is someone's rent unpaid, someone's savings gone, someone's trust shattered. That's why we can't just admire the sophistication of these schemes. We need to out-innovate them.
Sources:
https://www.psr.org.uk/our-work/app-scams/
https://www.ukfinance.org.uk/system/files/2024-06/UK%20Finance%20Annual%20Fraud%20report%202024.pdf