How to use OSINT to Detect and Prevent Fraud

Fraud is a growing problem. From identity theft to mortgage fraud, criminality is thriving, especially where non-face-to-face interactions are commonplace. In England and Wales, fraud accounts for approximately 41% of all offences against individuals, making it the most commonly experienced crime. Its prevalence has made it the topic of government-led consultations and a significant focus for both law enforcement and financial institutions. The current global economic downturn has financially strained many, contributing to a rise in illicit activity as individuals become more susceptible to being defrauded or likely to commit fraud themselves. 

Seeing the potential for enormous profit, organised crime groups are adding consumer fraud to more traditional offences like drug and weapon trafficking. Like any business, sophisticated fraud rings are increasingly employing automation and technology to extract more money from their victims and maximise profits.

This rise in fraud activity exists within the context of ever-growing amounts of online data production. It is estimated that around 1.134 trillion MB of data is created every day. Could this present an opportunity, and could this data be analysed and interpreted as part of robust anti-fraud efforts? Below we explore some popular types of fraud, and then examine ways that open source intelligence (OSINT) can help detect and prevent them. 

Common types of fraud

Public sector fraud

Fraud schemes committed against the public sector vary in scope and range and include benefit fraud, illustrated by abuse of pandemic-related relief programmes, and tax fraud, as seen with the recent bust of a €2.2 billion VAT fraud scheme in Europe. In the European Union, VAT fraud is considered the most profitable crime, costing the bloc €50 billion in tax losses annually. Fraud committed against the government carries a certain level of depersonalisation and exists against a backdrop where perceived levels of public corruption remain at a worldwide standstill. This level of public distrust and belief that many public servants are on the take makes conditions ripe for fraud. 

In the UK, the government estimates that the public sector may be losing over £40 billion a year to fraudsters. To combat this and create a standard for fraud prevention, the Public Sector Fraud Authority was launched in 2022 to work with government departments and public bodies to understand and reduce the impact of fraud.

Investment scams

People looking for extra ways to make money during periods of financial uncertainty often fall victim to investment scams. Common on social media platforms, schemes promising too-good-to-be-true returns can easily lure victims into forfeiting their money. Cryptocurrency scams, often executed on encrypted messaging platforms like Telegram, falsely promise huge gains and capitalise on the volatility and lack of understanding of these new assets. Pump-and-dump schemes operate by purposefully hyping up certain coins, such as the Squid Game coin, only for the orchestrators of the scheme to sell them at top price, leaving late investors with massive losses. Other schemes use more traditional assets, such as fraudulent property investment scams or foreign exchange trading scams.

Authorised push payment (APP) fraud

APP fraud occurs when a customer is tricked into authorising payment to an account controlled by a criminal. Sometimes the criminal uses social engineering tactics to gain access, posing as a trusted individual like a bank employee. Other times, an individual makes a purchase to a malicious payee and never receives the promised goods or services. Scammers can also use emotional manipulation for romance scams, or target vulnerable people such as the elderly.

The growth of APP fraud can be attributed to the prevalence of real-time payments and its ability to facilitate instantaneous, irreversible transfers. Reducing APP fraud is a key priority in many countries including the UK, where the Payment Systems Regulator has recently published plans for a mandatory reimbursement scheme – generating a pressing financial incentive for institutions to tackle the problem.

Using OSINT to detect fraud

The online ecosystem holds many clues that can be used to detect fraudsters. Subjects can be screened against adverse media databases and watchlists issued by local and international law enforcement, to retrieve useful indications of potential criminality. Look out for the following:

• Are there any news stories about your subject or any related parties indicating involvement in fraud? 
• Is your subject on any watchlists or blocklists? 
• Does your subject have any criminal convictions in jurisdictions where that information is publicly available (e.g. some states in the United States)? 
• Is your subject mentioned in any less mainstream online forums, blogs or specialist/ local publications? Whilst these sources can be personal opinion and therefore less reliable, they can also raise or confirm suspicions of fraudulent activity.

In addition to these checks, OSINT can use public sources to detect networks and connections between suspicious parties. Consider the following, and analyse any links for clues for further investigation: 

• Who does your subject share corporate interests with? 
• What social media connections does your subject have?
• What addresses or companies have they been linked to?

If the subject is a company that purports to be trading, its website — or lack thereof — can be a useful source of information. A total lack of a website or one that works poorly and seems to have been put together hastily might suggest a scam. A higher quality website should be reviewed thoroughly: are there any addresses or phone numbers on this site that link to other companies that may also be suspicious? Who is the domain registered to? Reverse image search can even reveal that apparently legitimate goods or individuals shown on a site are in fact stock images.

Social media profiles can also demonstrate behaviours or lifestyle habits at odds with declared information, such as a subject’s salary or place of residence. What kind of lifestyle does your subject appear to have? Does this make sense given the information you know about them? 

After detecting an instance of fraud, OSINT tools allow complex investigation teams to take a deeper look and identify relevant networks. Analysing subjects, customers, counterparties, and affiliated networks of people and organisations can reveal fraud rings, allowing investigators to expand the scope of their inquiry beyond the initial subject.

To be most effective, investigations should combine publicly available information with internal records such as transaction data, personal details, government service accounts, IP addresses, or device metadata. These information points help paint a fuller and more comprehensive picture for any investigation. 

Proactive and reactive measures OSINT is a vital tool for proactive fraud risk management – screening subjects and cross-referencing against authoritative databases and lists. This helps stop fraudsters in their tracks. Additionally, OSINT is key for reactive fraud risk management, complementing the work of monitoring systems and advanced data analytics by allowing you to dig deeper into a subject and spot patterns and networks.  Once you’ve identified clusters of risk, what’s your next move? OSINT helps you learn more about your subjects and determine the most appropriate next steps.

Future-proofing and identifying trends

Looking ahead — how can you future-proof your organisation’s fraud risk strategy? Fraud and money laundering are becoming more intertwined, operating within a collective ecosystem of criminality. The convergence of anti-fraud and anti-money laundering (AML), sometimes known as FRAML, has emerged as a way of integrating teams and working across disciplines. 

For financial institutions that keep them separate, providing cross-training between AML and fraud teams and establishing meaningful information-sharing mechanisms are vital, as is establishing processes to maximise the power of OSINT.

For government agencies or others looking to understand current fraud trends and gain insight into what to prepare for, using OSINT is indispensable. Researchers can look through both surface web information and the dark web and hidden forums to understand emerging typologies. Strategically sourcing and analysing the wide range of information online can help government agencies fortify their anti-fraud programmes and design effective strategies. 

Things to look for in an OSINT provider: – Ability to search across multiple disparate data sources (eg. search engines, news and socials media, corporate records etc) and quickly identify relevant information such as connections to criminal or other risk-related activity. – Visualisation capabilities to help you understand complex networks. – Social network mapping by searching across, identifying and displaying connections between social media accounts/users. – Corporate network mapping that showcases corporate structures and highlights key connections. – Automatic crossmatching to capture similarities between names, addresses, and other data. – Ability to analyse internal data alongside external information, by easily searching across and importing information from records and documents. – Easy integration with other systems (eg. case management and e-discovery tools) for a consistent and optimal workflow.

With the widespread scale of fraud, governments and regulators are increasingly emphasising the need to crack down and protect consumers. To respond, both financial institutions and public sector bodies should be harnessing OSINT as an instrumental tool to detect and prevent fraud, used both on its own and in combination with advanced data analytics.

How Videris can help detect and prevent fraud 

OSINT tools like Blackdot’s Videris help investigators detect and prevent fraud in a single interface. They allow investigators to drill down into suspicious subjects and analyse their networks and affiliations to both prevent and react to instances of fraud. 
Book a demo today.