How people help fraudsters steal their money: an analysis of 600 online banking fraud cases

This paper presents an analysis of 600 phishing and malware incidents obtained from a Dutch bank. We observed from these cases that the behavior of customers in the fraudulent process entails giving away personal information to fraudsters. Phishing victimization occurred by responding to a false e-mail, a fraudulent phone call or a combination of these. Malware victimization occurred by responding to a pop-up and by installing a malicious application on a mobile device. Customers cooperated because the fraudulent messages were perceived professional and because they were not sufficiently suspicious. Our data suggests that customers have an active role in the fraudulent process. An interesting finding is that customers not always trusted the intention of the fraudster, but were mentally unable to stop the process. They did not read or pay attention to information on their screens that might have prevented the incident. We conclude this paper with recommendations for fraud mitigation strategies.