December 16, 2021

Cybercrime – another of Fraud’s many faces

Will the “hack” at BDO turn out to be an inside job as now seems more and more likely?

If so, will we still call it by the classy, new name of ‘cybercrime’, or will we give it the more old-fashioned name, ‘fraud’?

For fraud it is, as is all cybercrime. And the defenses against it are not all that different from the defenses we have in place (or should have in place) against fraud in general.

The Event

From late November 2021, the accounts of a large number of Banco de Oro Unibank (BDO) customers were affected by unauthorised transactions. BDO and the authorities are investigating the unauthorised transactions and the affected customers will be reimbursed. Investigations so far suggest that none of the affected customers contributed to the breach, for example by exposing their passwords or clicking on suspicious links.

While investigations are ongoing, there are already lessons we can learn.

Differing Perceptions

When we write an article about cybercrime, the editors look to illustrate it with images – mainly in electric blues – featuring ones and zeros and sharp-imaged computer screens and laboratory-clean sets.

Like the image we have used at the top of this article.

Fraud, on the other hand, is depicted in shadowy figures, masked individuals, secreted bags of money.

Cybercrime, we tend to think, is carried out in hi-tech call centers in developing countries; fraud by skulking local gangs, or disenchanted or entitled company executives.

False dichotomy

The BDO case gives the lie to this false dichotomy.

Does it matter that we should start to think more clearly about this issue?

Yes, it does. It matters a lot.

Consider the training we give staff on cyber-security.

We teach them about the modalities: the man-in-the-middle schemes; the dangers of social engineering; the vulnerabilities of password types.

And we focus again and again on the theme – ‘Don’t click on the link!’ (Because somebody always does click on the link, and that makes us focus – indeed fixate – on individual responsibility.)

When we teach staff about fraud, we certainly do talk about the modalities, but we teach them a great deal more about the perpetrator. We show them the fraud triangle, we expose them to scenarios about the company secretaries authorizing fake invoices, we teach them to be vigilant.

Stronger defenses

In hardening our defenses against fraud, we teach collective responsibility, we allocate community ownership, we acknowledge that staff vigilance offers one of our strongest protections against fraud and we foster a spirit of shared responsibility.

If we focused less on the technology of cybercrime – let’s cut the jargon, let’s call it cyber-fraud – and more on fostering an attitude of shared vigilance, we’d be much better at preventing it.

How to engender this shared responsibility?

Every business is different; every industry faces a different profile of fraud vulnerabilities. Every workforce exhibits a different ethos.

An off-the-shelf cyberfraud training solution will fit many businesses, but many others will need something more tailored.

Do you have workforces in multiple jurisdictions, facing different regulatory regimes, managing different products?

Are your staff members allocated to tightly-bound teams, or do they belong to a less-siloed whole?

How many of your staff are technicians? How many are masters of people skills? Different staff mixes may require different approaches as you work to engender the shared responsibility for vigilance that is your key defense against cyberfraud.

You cannot fail to consider these questions when you allocate resources to your training program.

Key message

If the criminals who carried out the BDO hack had been embedded in a milieu where other staff were watching them, do you think they’d have gotten away with it so easily?

GRC Solutions

Talk to us about custom eLearning content development to fit your business. We already provide this service to some of the largest financial services companies in the region.
