Cyber security pros and risk analysts should be better than the average person at detecting fraud, but a little over three percent submitted their personal identification information to sign up for an app described as “Shazam for voice identification.”
Credit Trulioo, a global identity and business verification company, which launched an online fraud experiment to evoke some interest around International Fraud Awareness Week. (It was also National Nurse Practitioner Week and Dear Santa Letter Week and almost overlapped with Intimate Apparel Marketing Week.)
Trulioo said that despite the abundance of online resources and press coverage on fraud and fraud prevention, the Federal Trade Commission (FTC) received nearly 2.7 million fraud complaints in the United States last year.
So Trulioo set out to learn whether fraudsters, under the guise of a fake company, offering a fake product, could convince internet users to disclose their personal information.
It created a web page for a fictitious company called Agile ID Technologies, offering a fictitious mobile app, “Aurdentity”. Marketed as “Shazam for voice identification”, the fake mobile app claimed to use voice recognition technology to not only identify people when exposed to their voice, but also retrieve background information about them.
Trulioo ran a week-long campaign that delivered ads to compliance professionals, fraud and risk analysts, and other individuals who showed an interest in data privacy, cybersecurity and technology, and may even have had credentials. They were directed to a fake company’s web page where visitors were asked to sign up for Audentity by providing their personal information including name and email addresses. None of the information was recorded or stored, unfortunately eliminating the possibility of followup interviews.
The campaign resulted in a total of 2,139 unique visits to the fictitious company’s website. Of those visitors, 66 people completed the sign-up form.
“Had this campaign been an online scam, 3.1% of the targeted individuals would have become victims to it, putting themselves at risk,” Trulioo said in its release.
The average conversion rate for an email promotion is around 2.35%, but that’s for real businesses, not fictitious companies promoting a phony product.
"It's eye-opening to see this experiment result in 30% more sign-ups than the industry average conversion rates, especially given the tech-savvy audience targeted,” said Zac Cohen, general manager at Trulioo. “Awareness is a critical piece to reducing fraud and protecting users online.”
A simple Google search could have shown there was no information on an app called Aurdentity. Presumably at least a portion of the individuals who were invited to sign up did take a look for more information and decided not submit their personal information.
Trulioo suggests other ways to determine whether a site is legit such as checking the website’s related social media accounts, looking for comments by users, and other social media activity. One can also make an assessment based on the encryption status of the website: an HTTPS website is more secure than a plain HTTP site which is often vulnerable to data theft.
Another step is to check out the company that owns the app. A Google search would have shown that Agile ID Technologies doesn’t exist.
“The results from this campaign show that people are so accustomed to communicating and transacting online that they often become vulnerable to new and sophisticated fraud schemes,” added Cohen. “It’s not just individuals that are susceptible; even businesses are increasingly at risk of being exposed to fraud. In fact, according to the 2018 ACFE Report to the Nations, companies lose an estimated five percent of their revenue annually, on account of fraud.”
Trulioo said it was inspired by the SEC’s bogus coin offering.
The SEC set up a website, HoweyCoins.com, that mimics a bogus coin offering to educate investors about what to look for before they invest in a scam. Anyone who clicks on “Buy Coins Now” will be led instead to investor education tools and tips from the SEC and other financial regulators, it said in a release.
“The rapid growth of the ‘ICO’ market, and its widespread promotion as a new investment opportunity, has provided fertile ground for bad actors to take advantage of our Main Street investors,”said SEC Chairman Jay Clayton. “We embrace new technologies, but we also want investors to see what fraud looks like, so we built this educational site with many of the classic warning signs of fraud. I encourage investors to do their diligence and ask questions.”
“The website features several of the enticements that are common to fraudulent offerings, including a white paper with a complex yet vague explanation of the investment opportunity,” the release added. Of course, complex but vague descriptions are pretty common in both finance and technology. However the website also has promises of guaranteed returns, a clear violation of both law and common sense, and a countdown clock that shows time is quickly running out on the deal of a lifetime.
