The Green Sheet

Thursday, September 29, 2022

Fraudsters up their games

A new report from digital trust company Sift revealed fraudsters are upping their games. The report details the emergence of a new scam in which cybercriminals collaborate to liquidate bank accounts through cryptocurrency exchanges and connected wallets that have been ignored amid the "crypto winter," a term coined to describe the rough patch cryptocurrencies have seen this year. The term is comparable to a bear market in the stock market.

Separately, Kasada, a firm that helps companies defend against automated (bot) attacks, reported that revenues lost to bot-driven account fraud are on the rise.

No industry left unscathed

Sift's Q3 2022 Digital Trust & Safety Index indicates that no industry has been left untouched by account takeover (ATO) attacks. The company said it saw an alarming 131 percent increase across its global network in the first half of 2022 compared to the same period in 2021.

Fraudsters, however, have set their sights on particular industries amid the global economic downturn, seeking to take advantage of dormant accounts and stored payment information. Industries with the largest increases in ATO attacks were financial technology (with attack rates up 71 percent), marketplaces (39 percent), and digital goods and services (37 percent). Within the fintech sector, cryptocurrency exchanges have seen a 79 percent increase in attack rates this year.

Sift's insights are largely gleaned from the company's network of 70 billion events per month, representing over 34,000 sites and apps across multiple industries.

The barrage of attacks has raised consumer awareness, Sift said. Forty-two percent of ATO victims reported seeing unauthorized purchases on hacked accounts where they had stored payment credentials, and 30 percent said they had lost rewards points or credits.

Of concern, Sift reported that better than half of ATO victims (51 percent) discovered their accounts had been compromised after noticing suspicious activity, suggesting compromised businesses were either unaware or, worse, failed to notify customers of breaches.

Not surprisingly, 43 percent of consumers surveyed by Sift said they would stop using a site or app entirely if their associated accounts were compromised by an ATO attack.

'Crypto winter' cash-out scam

Sift said that as cryptocurrencies have plummeted in recent months, its experts have uncovered a new scam targeting crypto accountholders, many of whom are not regularly checking their accounts due to ongoing value losses. Fraudsters are using dark web marketplaces and deep-web forums on Telegram to forge alliances with other fraudsters to launder funds from hacked bank accounts and crypto wallets, Sift added.

In this crypto cash-out scam, one fraudster who is looking to launder stolen funds teams up with others who have successfully hijacked bank accounts linked to crypto wallets. They then load stolen funds into the hijacked accounts and corresponding crypto wallets, then drain the funds and split the profits.

"Account takeover attacks are proving to be a primary attack method among fraudsters in our challenging economic environment," said Brittany Allen, trust and safety architect at Sift. "Adding insult to injury, cybercriminals are leveraging automation via bots and scripts to launch ATO attacks at scale, often forcing businesses to choose between introducing excessive friction in their user experience or being consumed by fraud."

Beware the bots

Meanwhile, Kasada's 2022 State of Bot Mitigation Report shows that revenue losses from bot-driven ATOs and web scraping continue to skyrocket, despite companies spending heavily on bot mitigation solutions.

Web scraping uses bots to extract content and data from websites. Unlike screen scraping, which only copies pixels displayed on screen, web scraping extracts underlying HTML code, and with it, data stored in a database.

Specific findings reported by Kasada include the following:

  • 69 percent of companies with bot management solutions reported losing more than 6 percent of revenues due to account fraud this year, up from 64 percent in 2021.

  • 83 percent of companies said bots are becoming more sophisticated and difficult for their security tools to detect, up from 80 percent last year.

"Bots continue to evolve and thrive at the expense of companies," said Sam Crowther, Kasada founder and CEO. "Too much money, time and effort are being wasted by companies on reactive solutions that require a great deal of management and don't work well."

Kasada commissioned Atomik Research to conduct a survey of 200 technology professionals in August. Responses formed the basis of its report.


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
