Spear Phishing, Cloud Jacking, and Island Hopping: The New Fraud is Here

Financial fraud dominates holiday season and end-of-year news, as do predictions for what to expect in 2020. This Week in Fraud Trends, December 6, 2019.

Christopher Watkins
DataVisor
4 min read · Dec 6, 2019

Financial fraud is everywhere. Which makes sense. Fraudsters go where the money is, and they like a short path from A to B. So it’s no surprise that financial fraud is omnipresent. It’s additionally no surprise that we should be seeing a great deal of news about financial fraud right now — it is the holiday shopping season, after all.

Here’s some news we learned this week about holiday shopping fraud:

“A new study shows a 29 percent increase in suspected online retail fraud during the start of the 2019 holiday shopping season compared to the same period in 2018, and a 60 percent increase over the same period from 2017 to 2019.”

While the above is explicitly to do with holiday financial cycles, the numbers are right in line with overall annual trends, as we learned this week in a story from Retail Customer Experience:

“American Express issued a report showing that 77% of merchants reported being victim of some type of fraud, adding that efforts to mitigate those risks are impacting their bottom line. The report showed that online fraud has increased a great deal over the past year, with 27% of online sales being fraudulent transactions, up from 18% a year ago.”

For the record, the RCE team had some holiday shopping news to share as well:

Of course, the BIG financial fraud news this week comes to us from Russia. Here’s the story, as reported by NPR:

“Federal law enforcement officials have announced criminal charges against two Russian nationals who operate a hacking organization known as Evil Corp., a group officials say is responsible for one of the most sweeping banking fraud schemes in the past decade.”

If you’re one of those people who thinks you couldn’t possibly represent a meaningful target to a fraudster, note that the above attack included among its victims “a community of Franciscan sisters in Chicago.”

If you want to know more about attacks like the above, and particularly if you’re interested in stopping these kinds of attacks, you’ll want to catch up on phishing and bot attacks in particular:

“The malware software was known as Dridex, which automated the theft of confidential information from banking customers after someone clicks on a phishing email.”

“Yakubets and Turashev captured banking credentials using an online tool known as botnet, which takes over a computer’s operating system.”

Speaking of phishing, THAT is a seriously interesting arena of fraud, with a great many sub-categories, including the charmingly named “spear phishing.” If you think we’re making that up, we’re not. And, on the subject of unlikely targets for fraud, you might like to read the following, in which an entire city became the target of a spear-phishing attack:

Given that we are indeed in the full throes of the holiday shopping season, we are also approaching the end of the year, which means it’s also the season for predictions. How about we kick the 2020 cycle off with … how many predictions??? 141!

In the spirit of esoteric titling practices for fraud sub-categories, we’ll pull out this quote from the above new Forbes article as one of our favorites:

“Cloud jacking and subsequent island hopping will become a more common practice as attackers look to leverage an organization’s infrastructure and brand against itself.”

We close out this week’s news with a post from our own Priya Rajan, who earlier this week recapped her MoneyLive appearance:

“Data is not the new gold. Data is merely a utility. One that is commoditized. The real gold is the intelligence within that data.”

And with that, we invite you to join us next week for another edition of This Week in Fraud Trends!