Online fraud is on the rise, across all digital surfaces, including online marketplaces, social media and messaging services. The Global Anti-Scam Alliance reports that the number of scams reported worldwide increased by 10.2% from 266 million reports in 2020 to 293 million reports in 2021. The amount of money lost in scams grew by 15.7%, from $47.8 billion in 2020 to $ 55.3 billion in 2021. Online fraud is the most common crime in the UK, yet according to the World Economic Forum, just 0.05% of cybercrimes are prosecuted. 66 billion spam messages were sent across all messaging apps and texts in the US in 2022, which equates to almost 200 spam messages per adult per year. It’s projected that US consumers could lose up to $28 billion in fraud and scams in 2023. In the UK, in a major investigation in June 2023, The Guardian newspaper reported that scams on Meta alone will cost UK consumers $250M in 2023, and that UK consumers fall victim to a Facebook- or Instagram-originating scam every 7 minutes. Lloyds TSB reports that, in the UK, 80% of impersonation scams involving its customers originate on Meta platforms.  

"In the UK, in a major investigation in June 2023, The Guardian newspaper reported that scams on Meta alone will cost UK consumers $250M in 2023, and that UK consumers fall victim to a Facebook- or Instagram-originating scam every 7 minutes."

The financial services sector is calling for significantly increased penalties and incentives on online platforms to tackle this problem. As things stand, banks are liable to refund their customers for fraudulent transactions, but the online platforms are not. The standard defence to the proliferation of fraudulent materials online is that scammers are sophisticated, and keeping on top of things is challenging.

Spotting scams and keeping consumers educated about them is undoubtedly challenging. New scams emerge frequently, meaning scam and fraud prevention is not a ‘one and done’ proposition. Companies need proactively to monitor and assist their consumers in identifying and avoiding fraud.

Often, this task is outsourced, with spamware or malware being used as a filter to prevent external threats coming into a particular platform or website. Certain companies - particularly financial institutions - also engage in ‘point of risk’ messaging to their consumers, flagging potential concerns at the point of transferring funds to non-customary recipients, and asking consumers to double check if the transaction and payee are genuine.

These measures are helpful, but rely on external filters and consumers’ abilities to spot fraud in order to be effective. Both approaches shift the responsibility externally, are not particularly scalable, and ultimately do not help an organization’s brand credentials when something goes wrong. These measures are particularly ineffective in E2E environments, where messages cannot be scanned by external malware, and platform operators cannot provide contextualized scam warnings to their consumers.

There is no shortage of information available on current scams and the tactics of fraudsters. The problem appears to be how to surface this information to consumers, before it’s too late. The Global Anti-Scam Alliance has synthesized many of the options available in its 10 Recommendations to Turn the Time On Scams.

One solution, in particular, may be to enable client-side or DNS-level scanning, in order to detect and block scam, phishing and other fraudulent links. In this solution, a platform such as WhatsApp could partner with an entity that maintains up-to-date databases of known scammer, phishing and fraudulent links so that if one of these links appears in a message to consumers - even in encrypted environments - the consumer can be alerted, and warned not to click. Client side scanning (CSS) could even be implemented in such a way so that malicious messages containing problematic links are automatically deleted, and never reach the consumer in the first place.

Scams and fraud are so prevalent that they have become essentially a societal problem for all online consumers, and the business and service providers who want to engage them legitimately. Essentially, anyone with a phone number or email address can be spammed.  We have all received phishing and other scams, and we all feel somewhat sophisticated when we can spot these scams for what they are.  But the increasing credibility of scams, using lookalike sites and plausible URLs, means it’s unrealistic to rely on human discernment alone.  

The potential upside of a CSS solution is significant, in that everybody wins. Consumers are protected, as are the brand credentials of platforms. There is also a wider societal benefit in that consumers, service providers and businesses can transact and engage with more confidence and efficiency if it became widely accepted that scams and fraud were significantly derisked. Email programs already routinely use a Spam filter to divert suspicious messages. Imagine a solution where all unsolicited messages, spam, phishing attempts and other scams were seamlessly and invisibly dealt with, so that they never reached your WhatsApp, text messages, social media or email in the first place.