Alarms, Alerts, and Advice: Cautionary Tales for Crisis Times

This week in fraud trends, we cover new threats associated with the ongoing pandemic and a range of cautions about what to expect next.

Christopher Watkins
DataVisor
5 min read · Apr 3, 2020

This Week in Fraud Trends, April 3, 2020, from DataVisor.

In a chaotic world filled with new and unknown threats, we can be grateful for those individuals and organizations whose mission it is to keep us informed and educated about what to watch out for, and how to protect ourselves, our businesses, and our data.

From Dark Reading this week, we received timely advice about the increasing prevalence and threat of “bad bots”:

“The Big Bad Bot Problem 2020” report is based on studies by Radware researchers, who found that 31.3% of e-commerce traffic in February was from malicious bots. Their actions are becoming more dangerous because 58.1% of the Internet bots Radware found can mimic human behavior in their attacks.

For actionable insights on addressing bot-powered e-commerce and marketplace fraud, we recommend downloading the following free asset:

Merchant Fraud Journal offers specific insights this week on e-commerce fraud concerns associated with COVID-19:

“The COVID-19 crisis is having an almost incalculable impact across the globe, and we’re still only just starting to understand the potential scope,” said Yinglian Xie, CEO and co-founder of DataVisor, a provider of AI-powered fraud solutions. “Exploitive fraudulent activity is one of the many critical concerns we’ll need to urgently address on an ongoing basis.”

Krebs on Security also provided valuable advice. Given that so many of us have had to rely in unprecedented ways upon video technology to manage our work lives, it is instructive to remember that we must maintain vigilance as we respond to these unexpected changes:

The incidence of Zoombombing has skyrocketed over the past few weeks, even prompting an alert by the FBI on how to secure meetings against eavesdroppers and mischief-makers. This suggests that many Zoom users have disabled passwords by default and/or that Zoom’s new security feature simply isn’t working as intended for all users.

DataVisor CEO Yinglian Xie this week voiced concerns about the increased digitization brought on by the pandemic:

Increasing digitalization plays right into the hands of modern fraudsters who have the latest technologies at their disposal and are working overtime to try and exploit any new vulnerability for illicit gain. Put bluntly, more online activity means more opportunity for online crime.

Alongside 19 other leading voices from across the payments sector, Yinglian also offered actionable guidance on how to best prepare for and address “black swan” events of this kind. Her insights are featured in a new e-book from PYMNTS:

We cannot outright predict a pandemic any more than we can predict a data breach or an account takeover. What we can do, however, is empower organizations to proactively spot burgeoning crises early and take decisive action before extensive damage occurs. —Yinglian Xie, Co-Founder and CEO, DataVisor

Hospitals and healthcare organizations are on the front lines right now. From Infosecurity Magazine, we learned this week that they’re dealing with increasing fraud threats as well, and are being alerted and advised accordingly:

Microsoft has been forced to alert several dozen hospitals in a “first of its kind notification” that their gateway and VPN appliances are vulnerable to ransomware groups actively scanning for exposed endpoints. The tech giant claimed that attackers behind the REvil (Sodinokibi) variant, for one, are probing the internet for vulnerable systems, with VPNs in high demand at the moment as COVID-19 forces home working.

One warning reported this week, from the IRS, potentially impacts the whole of the United States:

The IRS is reporting scammers attempting to con taxpayers out of their stimulus checks. According to the IRS, these scammers are attempting to get individuals to sign over their checks by attempting to “verify” sensitive filing information that would allow scammers to receive the checks or use the personal information to file false tax returns.

There was some good news this week from ZDNet, which reported that, despite significant increases in online shopping traffic, web skimming is not expected to surge:

The general consensus that we received from the three companies — and contrary to popular belief — was that web skimming is not expected to see a sudden surge of activity just because more people are now stuck at home and will most likely spend more time shopping online.

For more insights about web skimming (also known as “formjacking”), you are encouraged to read the following:

These are remarkable times, and they call for remarkable efforts from us all. Stay safe, stay home, stay connected. We’ll see you next week!
