Leaks, Breaches, and Bots: Are we making it too easy for fraudsters to succeed?
Seemingly almost by definition, fraud news is generally bad. Fortunately, however, there are exceptions. For example, just this week, The Association of National Advertisers (ANA) and cybersecurity company White Ops combined to make a significant claim, as reported by AdAge:
“The claim came in a report, titled Bot Baseline, that estimates advertisers will lose $5.8 billion due to ad fraud globally in 2019, down from $6.5 billion reported in 2017.”
As the AdAge article notes, this represents a decline of more than 10%. Cause for celebration? Perhaps.
Or, perhaps not.
Over on DarkReading, we find a very different picture being painted:
As the article points out, fraudsters are using an incredibly diverse and sophisticated set of tools, technologies, and strategies to perpetrate their attacks:
“More than one in three consumers are tricked by fake mobile apps, which include fraudulent banking apps that mimic apps from major companies. Researchers anticipate the risk of these apps will grow as consumers become more comfortable with mobile banking.
Malicious apps aside, cybercriminals are targeting financial firms with a range of tactics, the most common of which are malware (banking Trojans Adload, Atrpas, and Emotet), ransomware, ATM malware, and card skimmers, and vulnerabilities in SS7, which attackers exploit to intercept text messages authorizing payments from bank accounts.”
Clearly, fraudsters are working hard to win. Regrettably, we’re often making it easy for them to do so. As reported by Forbes and others, VPN review firm VPNmentor revealed this week that 80 million American households had their data exposed:
It’s important to understand that this was not the result of a malicious attack; the data was unsecured! Any fraudster could access the data without a password. What’s also important to understand, is that it’s not the availability of the data that’s the real concern — it’s what can be done with it, if it lands in the hands of bad actors:
“If accessed by cybercriminals, the information could be used to defraud users listed on the database. This could include social engineering attacks or even identity theft. This sort of data can also be used in mass phishing campaigns with attackers using details to launch, for example, “pornography-watching ransom” campaigns.”
TechCrunch reported on a similar story this week, this time focusing on job recruitment site Ladders:
The numbers cited in these articles are pretty staggering, and as we showed in our recently-released Q1 2019 Fraud Index Report, fraudsters are operating on a global scale to mastermind sophisticated new attacks and leveraging the data they obtain through leaks like those discussed above.
We mentioned at the beginning of this post that fraud news is usually bad, and while this remains too often true, the good news is that there are ways to stay ahead of even the most massive, bot-powered attacks. As Claire Liu shows in a post from this week focused on fraud modeling, unsupervised machine learning delivers the ability to detect suspicious accounts at the cluster level, uncovering correlated patterns that indicate coordinated activity by bad actors.
At DataVisor we work tirelessly to deliver good news in the world of fraud, and every week, we’re your source for all the latest stories. See you next week for another edition of This Week in Fraud Trends!
