A Data Breach Trifecta
Three big data breach stories dominate the news, while content abuse concerns threaten to derail the value of user-generated content. This Week in Fraud News, November 22, 2019.
The world of fraud trends has been rich with all sorts of intriguing narratives of late, and as a result, we’d gotten somewhat away from straightforward data breach reporting with our last few editions of This Week in Fraud Trends. However, this week? There were just too many stories to ignore.
One of the biggest data stories was the Macy’s breach:
“Macy’s has announced that they have suffered a data breach due to their website being hacked with malicious scripts that steal customer’s payment information. This type of compromise is called MageCart attack and consists of hackers compromising a web site so that they can inject malicious JavaScript scripts into various sections of the web site. These scripts then steal payment information that is submitted by a customer.”
As observed by Barron’s, this breach offered ample evidence of why these types of attacks are devastating across multiple fronts, and how they can directly impact a company’s finances:
“Macy’s confirmed on Tuesday that some customer data on its website may have been hacked during a weeklong window in October, adding bad news to a mostly dreary week for retailers. Macy’s stock (ticker: M) lost 10.9% in Tuesday trading, its worst one-day performance in three months.”
Meanwhile, over in Virginia, there was a data breach of a whole different sort, as we learned from the Washington Post this week:
“More than 500 employees of the Fairfax County Police Department — including the police chief — have been notified their personal information may have been compromised by a potential data breach at a neighboring police department, officials said.”
To complete our breach trifecta, we’ll share news that even the happiest place on earth (or, at least, the streaming TV version thereof) isn’t immune to data troubles:
“Disney+ customers are reporting that their accounts have been hacked — just one week after the streaming platform’s launch.”
If the above has you thinking that things appear to be getting worse rather than better when it comes to data breaches, you wouldn’t be alone in thinking so. As reported on this week by the team at PaymentsSource, that’s exactly what’s happening:
“Unfortunately, the trend for data breaches is only getting worse. According to Risk Based Security which recently published its MidYear QuickView Data Breach Report, there were 3,813 data breaches in the first six months of 2019 exposing more than 4.1 billion records. Compared to the midyear of 2018, the number of reported breaches was up 54% and the number of exposed records was up 52%.”
In addition to a slew of data breach tales, we’re starting to now see the inevitable appearance of holiday-season-themed fraud stories emerging with greater frequency, and things being what they are in the world today, that means Amazon is in the news. A lot. One story that particularly intrigued us was this one, from Buzzfeed:
The deception chronicled herein offers an interesting spin on what would normally be classified as buyer-seller collusion:
“Sellers reach out to Jessica through targeted Facebook ads touting free items or dedicated review groups with thousands of members, and give her a specific set of instructions to purchase their products on Amazon. After she leaves a 5-star review, the sellers reimburse her via PayPal or an Amazon gift card, and let her keep the items she reviews.”
Buyer-seller collusion isn’t the only reason Amazon has been making the fraud news, and reviews aren’t the only thing being faked:
Swoosh! What happened? Bloomberg knows:
“Nike reportedly struggled to control the Amazon marketplace. Third-party sellers whose listings were removed simply popped up under a different name. Plus, the official Nike products had fewer reviews, and therefore received worse positioning on the site.”
Fake listings and reviews are just two examples of an increasingly problematic type of fraud — content abuse. As explained on DataVisor’s Digital Fraud Wiki, “content abuse can be defined as the intentional posting of user-generated content that is fake, abusive, fraudulent, deceptive, or otherwise toxic and ill-intentioned.”
Content abuse is the focus of the new Q3 2019 Fraud Index Report from DataVisor, which was released earlier this week. In her introduction to the report, Ting-Fang Yen, DataVisor’s Director of Research, writes the following:
“The proliferation of fake, abusive, fraudulent, deceptive, and toxic user-generated content can severely damage a brand. If users can no longer trust the content they engage with on a particular platform, they will eventually cease to use the platform at all, and when customer churn increases, investors worry, advertisers depart, and businesses struggle.”
If by now you’re wondering what fake listings and reviews and other forms of content abuse have to do with data breaches, we’re happy to explain. Basically, you can think of it as a series of interdependencies — data breaches are a source of personal information that, in the hands of fraudsters, can be used to create new fake and malicious accounts. Those fake accounts can, in turn, be used to perpetrate all kinds of content abuse, including fake listings, fake reviews, buyer-seller collusion, and more.
And there you have it! Another week in fraud, another episode of This Week in Fraud News.
If you’re interested in learning more about user-generated content and content abuse, please make sure to download the new Fraud Index Report.
See you next week!
