top of page
  • Writer's pictureRoy Urrico

Cybersecurity Roundup: Auto Loan Fraud, Ransomware Threats and Elderly Scams

By Roy Urrico

The following three reports cybersecurity reports focus on the consequences of cybercrime impacts auto lending, ransomware and the elderly.


Identifying $7.9 Billion Auto Lending Fraud

Frank McKenna, co-founder and chief fraud strategist at Point Predictive.

San Diego-based Point Predictive, which develops artificial intelligence (AI) consumer lending solutions, estimates that auto lenders experienced $7.9 billion in losses from fraud and material misrepresentation in 2023. That is among the findings in its 2024 Auto Lending Fraud Trends Report.

The Point Predictive report draws upon intelligence gathered from over 180 million historical loan applications and 27 billion unique insights. This dataset encompasses billions of dollars in both unsuccessful and successful fraud attempts nationwide, providing unparalleled depth and accuracy in identifying emerging fraud trends.

“We are delighted to share our 2024 Auto Lending Fraud Trends Report with the public,” said Frank McKenna, co-founder and chief fraud strategist at Point Predictive. “Since 2017, Point Predictive has proudly served the auto finance industry, delivering innovation and automation to help manage the problem of auto lending fraud. We always knew that the collective insights and collaboration of the auto finance industry working together to fight fraud was the future, and we are proud to be driving that effort.”

While the absolute level of fraud loss impact decreased slightly in 2023, that was due to a drop in overall origination volume from $751 billion in 2022 to $685 billion in 2023. The overall rate of applications that contained evidence of fraud and misrepresentation increased by 6% over 2022.

Chart Source: Point Predictive.

Other key findings from the report include:

  • A 98% growth in synthetic identity attempts, signaling a significant shift in fraud tactics.

  • A 30% increase in credit washing, attempts to hide negative data, driven by illicit credit repair activities.

  • Reports of bust-out fraud, which involves the use of synthetic identities to apply for multiple car loans simultaneously, by financial institutions and lenders increased 27% in 2023 over 2022.

  • The emergence of “Fraud as a Service,” fueled by increased social media sharing online. “There was a notable spike in September and October of 2023. This was due to fraud-as-a-service gangs that began to target online auto lenders,” revealed the report.


Organizations Risk Breaking Law to Pay Off Criminals

Source: Bridewell.

Research, Cybersecurity in U.S. Critical Infrastructure, released from Houston-based global cyber firm Bridewell discovered one in three organizations risk breaking the law by paying off cybercriminals. The research surveyed cyber decision makers across the U.S.’s critical infrastructure (sectors which are critical to the running of everyday society, such as finance, aviation and energy.


The findings are in new research by cybersecurity services firm Bridewell, surveying 519 staff responsible for cybersecurity at U.S. critical infrastructure organizations in sectors such as financial services, civil aviation, telecommunications, energy, transport, media and water supply.


Findings revealed 36% of breached critical infrastructure organizations have paid off cybercriminals after a ransomware attack, with nearly two-thirds (66%) having experienced at least one ransomware attack in the past year. More than a third (38%) suffered up to five ransomware attacks, but a small percentage of organizations (32%) experienced more than a hundred attacks. Over three-in-ten U.S.-based critical infrastructure organizations (36%) that have fallen victim to a ransomware attack have risked legal repercussions by paying a ransom.


The report noted in some cases, for example, when an organization has no ability to recover from a successful attack, there may be no choice other than to pay the ransom. However, payment can risk evading U.S. and United Kingdom laws that prohibit dealings with sanctioned individuals or entities. According to the study, at present, prosecutions are uncommon, however, the U.K. and U.S. governments have floated the idea of implementing a payment ban.


The research findings also exposes the multiple consequences of a ransomware attack on the U.S.’ critical infrastructure. Over a third of respondents, for example, cited a psychological impact on employees (36%). Downtime (43%), data loss (43%) and reputational damage (41%) are all repercussions that respondents say their organizations have suffered, along with operational disruption (40%).


Other repercussions include over a third of organizations (36%) facing increased insurance premiums, and 35% incurring financial losses from legal fees or fines. The average cost of a ransomware attack on U.S. critical infrastructure organizations is now $509,942, the research reveals.

Anthony Young, CEO at Bridewell.

“If you fall victim to a ransomware attack, paying the ransom should always be your last resort. Aside from the risk that cybercriminals may not restore access upon payment, there are also potential legal consequences to consider,” said Anthony Young, CEO at Bridewell. “That being said, there are certain situations where organizations have no choice other than to pay. If the organization has no ability to recover, then paying the ransom may represent the only viable option to resume operations other than rebuilding their systems from scratch. However, this difficult choice is avoidable by having a security strategy to reduce the risk of threat actors gaining access and transversing through your systems without discovery and effective removal. Building a relationship with a trusted security partner who understands your environment and the complex challenges faced by critical infrastructure can help you mitigate this risk by having the right expertise, resources, and support if the worst was to happen.”


Senior Fraud Losses Exceed $3 billion


A study of 2023 FBI data by Los Angeles-based data protection service Incogni, found the total sum lost by U.S. fraud victims aged over 60 reached an all-time high last year of $3.4 billion. Incogni identified 12 of the 30 crimes categorized by the Internet Crime Complaint Center (IC3), a division of the FBI, including identity theft, phishing, and personal data breaches, affecting elderly victims.

Darius Belejevas, head of Incogni.

“People of all ages are potentially vulnerable to cybercrime, but the threat is particularly acute for seniors who didn’t grow up as digital natives,” said Darius Belejevas, head of Incogni. He added, “These latest figures are extremely alarming and show how older people living in the U.S. are being deliberately targeted by fraudsters looking to exploit their personal information. Unfortunately, the problem has got steadily worse in recent years. Elderly victims are losing greater sums of money each year to the criminals behind these sophisticated phishing scams and acts of fraud.”

Other findings included:

  • The highest average losses were suffered by residents of Hawaii ($61,734), the District of Columbia ($57,544), and California ($55,346).

  • Across the U.S., more than 100,000 complaints came from victims aged over 60 - a 15% increase compared to 2022.

  • The majority of crimes (87%) across the county involved fraudsters gaining access to victims’ personal information.

  • Tech support scams (17.5%) were the most frequent tactic used by criminals targeting seniors; 17,700 such complaints came from those over 60s, who together lost $598.9 million.

  • Investment-related scams among over 60s have soared by more than 500% in three years.

Incogni’s unique research also revealed that many of the crimes are data facilitated with fraudsters gaining access to personal information online, such as that held by data brokers. More than half (57.1%) of the crimes reported last year were facilitated or exacerbated by the availability of victims’ personal data online.

One of the reasons for the total increase in losses is the rise in investment-related scams, which have soared more than 507% among the over 60-crowd since 2020. In 2023, victims lost $1.24 billion to investment fraud, with an average loss of $193,000 per complainant.

The rise of new cryptocurrencies has provided further opportunities for fraudsters to steal large sums of money from older Americans, with victims losing an average of $97,400 to these crimes. The over 60s in the U.S. are also being targeted with confidence and romance scams, in which fraudsters prey on loneliness. These types of scams led to losses of $356.9 million last year.


bottom of page