RSA has released its Quarterly Fraud Report for Q1 2019. The report provides merchants and enterprise retailers with actionable data and insights to help inform and improve their eCommerce fraud prevention efforts.
“These data points are intended to broadly frame the current consumer fraud atmosphere, and identify relevant trends, by tracking broad indicators of online fraud across both financial and e-commerce focus areas,” the report states.
Overall, the report describes several new trends among eCommerce fraudsters. Highlights include:
- Attacks by rogue mobile apps increased 300%
- 29% of all attacks were spear-phishing attacks
- Financial malware insertions increased 56%
- The shopping cart value of fraudulent transactions was 2x higher than for legitimate ones
Advanced Account Checker Use on the Rise
In addition to a rise in phishing and mobile app attacks, the report highlights a new developing trend – more advanced account checkers. Account checkers are automated programs fraudsters use to vet the login information stolen via data breaches. Previously, volume caps on their use limited the damage they could cause. However, RSA now states that may be changing.
“RSA recently identified an online studio for developing account checkers capable of attacking nearly any website,” the report states. “In addition to facilitating the development of new checkers, the site has also created a new source of income for fraudsters as the revenue generated from each checker is split between the site owner and the developer. This has introduced new opportunities for fraudsters to attack organizations not traditionally targeted by account takeover.”
Most concerning is that this newfound ease of use will widen the scope of the problem. As the barriers to entry decrease, it’s likely that more and more fraudsters will turn to this method as a way to break into accounts that continue to be secured by nothing more than a password and a username.
“The number and diversity of websites that have dedicated checkers available in the dark web has grown exponentially,” the report states. “With over 500 checkers in its pool of websites to choose from currently, RSA expects this number will grow even more as the site gains more popularity. As such, organizations, regardless of size or industry, should expect a growth in automated credential stuffing and account takeover attacks.”