Mobile Fraud Soars as Social Sites Help Scammers
Phishing continues to dominate the fraud landscape, accounting for nearly half of all attacks, but mobile fraud has jumped 650% over the past three years, according to RSA Security.
The security vendor’s Q1 2018 Fraud Report found phishing to account for 48% of all attacks during the quarter, followed by Trojans (24%) and brand abuse 21%).
The report uncovered a decline in use of traditional web browsers to conduct fraud, 62% in 2015 to 35% today, whilst the mobile app’s share of fraudulent transactions has risen from 5% to 39% over the same period.
However, as an attack type, mobile attacks comprised just 6% of the whole, linked to over 8,000 rogue apps in Q1. Some 82% of fraudulent e-commerce transactions spotted by RSA originated from a new device in Q1 2018, indicating the lengths scammers are going to in order to avoid detection.
RSA also confirmed the increasing role of legitimate social networks in unwittingly helping fraudsters to sell their wares.
“Social media provides the perfect control station for cyber-criminals, who can easily create profiles using fake details to operate on the platforms before collaborating with other fraudsters in closed groups, or peddling stolen wares in online marketplaces,” explained RSA Fraud & Risk Intelligence Unit director, Daniel Cohen.
“Social media’s scalability, anonymity and reach is providing cyber-criminals with the perfect disguise; they can jump between accounts and devices at will, rarely using the same device twice. This makes it much easier to dodge the authorities and continue scamming.”
The firm noted that Reddit has worked to ban a number of sub-reddits dedicated to fraud, where hackers were apparently exchanging contacts and advertising services and sharing info on which dark web fraud forums to use.
However, the problem appears to be rife on Facebook. Journalist Brian Krebs reported last month to have found over 100 private discussion groups dedicated to fraud and cybercrime, after just a couple of hours of searching
Source: Information Security Magazine