The troubling effects of online banking fraud on mental health

This article has been written in collaboration with Serenis, an Italian digital platform for mental health. All medical information has been provided and approved by Martina Migliore, cognitive-behavioral psychotherapist, Director of Training and Development at Serenis, and expert in Superhero Therapy.

It is a fact now. Digital fraud is growing exponentially due to the intensive use of digital services. 

Researchers estimate that, in 2023 alone, online scams will increase by 20% compared to the previous year, resulting in a total economic loss of approximately 48 billion dollars.

The online banking sector appears to be the most affected as the development of innovative payment services makes users faster but also less protected.

To thrive in a highly competitive landscape where cybersecurity is crucial, a bank that aims to stay close to its customers must consider the impact that fraud can have on people’s mental health in the long run.

In this article, we discuss the consequences of online banking fraud on people's mental health and how they can be mitigated through prevention, carried out by anti-fraud solutions, and psychological support, offered by industry specialists. 

‍

Online banking fraud refers to any illicit activity carried out on the financial institution's web application or mobile apps that results in an economic loss.

The schemes used today by cybercriminals are much more complex than before. We talk about multidimensional fraud, as they are carried out by combining different techniques (malware, social engineering, fast-cash-out, etc.).

The most common attacks are aimed at taking control of the victim's online account illegally to steal sensitive information or money. Typically, the targeted accounts are emails, social profiles, and bank accounts. The technical word used in the industry is Account Takeover (or ATO).

To do this, fraudsters employ social engineering techniques and/or the use of advanced malware that is installed on the victim's device to steal credentials.

These are often automated malware, which acts without requiring the fraudster's intervention, making them more easily scalable to a larger number of victims. Moreover, they are difficult to identify because they act when the victim is performing an action (for example, a bank transfer to a legitimate account that is then redirected by the malware to an illicit one). These types of attacks are called Automatic Transfer Systems (or ATS). 

The most dangerous attacks today are perpetrated via social engineering, activities aimed at tricking customers through psychological manipulation into giving access to personal information or committing security mistakes that let fraudsters accomplish their breaches.

According to research conducted by CertFIN in the Cybersecurity 2023 Report, over 67.5% of actual fraud cases in 2022 started with phishing campaigns, specifically exploiting phone calls (vishing) and SMS messages (smishing) as initial points of contact. A common practice is when fraudsters send text messages to victims, falsifying the sender (spoofing) and impersonating, for example, a bank or a courier. These messages are designed to fit into the existing legitimate conversations on the victim's phone. As a result, it becomes more difficult to realize that fraud is occurring

At this point, various scenarios can unfold:

- The user is redirected to a fake website where their credentials are stolen.

- The user is prompted to download an attachment containing malware.

- The user is prompted to download a malicious app disguised as the bank's or courier's new app.

What plays a key role in the success of these attacks is the ability to psychologically manipulate the victim.

For example, through Authorized Push Payment fraud, criminals pretend to be the victim’s boss, friend, or bank representative, to request a urgent bank transfers. Since the victim takes the action, the sense of guilt for falling into the trap and the feeling of being deceived has a tremendous impact on self-perception and future attitudes of distrust towards the use of digital applications.

Although the balance seems to tip in favor of fraudsters, it is important to highlight how, as a counterweight, the development of new technologies is facilitating the improvement of anti-fraud solutions.

To prevent and stop fraud in online banking, it is essential to integrate multiple advanced detection mechanisms with the right processes, mindset, and tools.

On one hand, it is crucial for banks to educate and raise awareness about cybersecurity issues to help their customers make informed choices. On the other hand, they must rely on advanced prevention systems capable of real-time detection. Even for the most complex attacks.

For example, at Cleafy, we have developed a fraud management solution that continuously analyzes online activities across all digital channels, combining various detection technologies with proprietary threat intelligence expertise and data.

Thanks to this, we enable fraud management teams to collect and analyze all the information related to user identity, device, and transaction, and automate the most appropriate responses based on actual threat patterns rather than generic risk scores.

Being a victim of fraud triggers various cognitive dynamics and subsequent emotions: people feel cheated and victims of injustice, experiencing intense anger. This emotion is perhaps the most intuitive, leading to seeking some form of revenge.

This behavior can become an obsession that consumes the victim's daily life. Until some form of justice is obtained, actions, thoughts, and emotions are completely focused on restoring the lost balance.

In these cases, impulsive actions may occur, further ruining the victim's life, as they find it unthinkable to leave the incident behind.

Another situation that can arise is the total opposite: the victim feels responsible, guilty for falling for the scam, self-criticizing intensely, and experiencing intense feelings of shame and sadness.

The associated behavior in this situation might involve denying the incident as much as possible and avoiding any situation that could even remotely pose a risk of fraud. When shame and fear come into play, the generated mistrust is significant, and strong social withdrawal can occur.

First and foremost, it is important to start from the assumption that anyone can fall victim to fraud, including those who claim, "It will never happen to me, I'm too smart."

Today fraudsters are extremely familiar with the psychological dynamics that make certain offers attractive and ensure they target the right people based on their presumed needs.

When we have a strong need for something or when something has great appeal to us, such as money or sex, our defenses, and critical eye become more vulnerable.

The line between distrust and trust can be very thin in many situations. Keeping self-criticism as low as possible, we must differentiate personal worth from the fraud itself: it does not define who we are, but it only highlights a moment of need that someone unscrupulously took advantage of.

It is entirely natural to want to recover what was lost but keep in mind to do it with the right specialists by your side. Be aware, however, of the costs that can be paid if the scam becomes an obsession, limiting freedom in our life. 

It is said that those who embark on a journey of revenge need to dig two graves: one for the object of revenge and one for themselves. If needed, a path with a psychotherapist can help regain serenity.

The increasingly advanced methods devised to deceive people and lure them into digital traps make it impossible to fully protect customers. What can truly make a difference is the ability of banks to perceive, even in the negative and undesirable event of fraud, an opportunity to be close to their customers, for example, by offering psychological support services like those provided by Serenis.

In this way, people will perceive a greater sense of security in their digital banking experience, which goes beyond prevention and helps mitigate the negative consequences in case prevention proves insufficient.

To foster stronger long-term relationships, banks must become the primary advocate for their customers, not only in the economic sphere but also in the emotional and psychological realm.

Let’s see which banks will introduce psychological support for their customers in the future.