Digital identity, security, anti-fraud, risk-based authentication and intelligence company ThreatMetrix has released its new Q2 2017 cyber crime report, revealing that “cyber crime has gone up nearly 100% since 2015”, with a key driver being “the rise of new account origination fraud, which has increased 30% since last quarter".
The report is impressively detailed at 45 pages, and is available for free download after free registration.
We’re told that “stolen data off the back of global breaches is being used to not only apply for new loans and open eCommerce or banking accounts but also to perform attacks on less traditional industries".
"With ride-sharing apps, for instance, fraudsters are taking trips using stolen credit cards or propagating two-party fraud by using a fake driver account and 'accepting customers' using stolen credentials. Some cyber criminals are even leveraging ride-sharing business models to create fake customer accounts and launder money via false insurance claims."
ThreatMetrix explains that “the rise in fake accounts is seen most dramatically amongst media companies (e.g. social networking, content streaming and online dating organisations) which have seen a 527% increase in new account origination attacks".
“Fraudsters are using modest sign-up requirements to test stolen identity credentials and cultivate opportunities to monetise stolen credit cards. Cyber criminals are looking to game the system, either by creating multiple free trials or selling accounts online at a reduced rate.”
2007 vs 2017:
“Ten years ago,” ThreatMetrix explains that “only 7% of the US population used social networking sites. However today that figure has increased nearly tenfold, to 65%, according to Smart Insights.
"The diverse and dramatic rise of digital media sites and apps is leading them to become a prime target, with 28 million attacks detected in Q2 by the ThreatMetrix Digital Identity Network.”
Cyber crime is more global and networked than ever before
- ThreatMetrix say its latest data “shows that fraud attacks are permeating across borders, using data harvested from global data breaches”.
- Transactions originating from Europe are twice as likely to be fraud attacks compared to North America, which remains the top global target for attacks.
- South America is a global hub for new account origination attacks that target global media companies, with more than 45% of all new account origination attacks coming from Brazil.
- Japan joined the list of top attack destinations for the first time.
Stolen identity data is being used in the wild to perpetrate attacks
- Bot attacks are significantly affecting daily traffic volumes across all major industries as fraudsters validate lists of stolen credentials through large-scale automated attacks.
- 82% of stolen credentials on the Darknet have been seen on the ThreatMetrix Digital Identity Network, showing the downstream impact of data breaches.
eCommerce remains a breeding ground for devastating attacks
- eCommerce login transactions continue to be attacked more heavily than other industries, as fraudsters look to capitalse on saved credit card information and take advantage of the increasing popularity of shopping loans.
- 88 million attacks hit the eCommerce industry in the last quarter, which marks a 41% year-on-year increase.
- The proportion of mobile eCommerce transactions has grown nearly 40% year-on-year and nearly 20% just since last quarter.
Mobile engagement continues to grow, making cross-device recognition imperative
- The prevalence of stolen identities and tools to enable spoofing is leading to more frequent attacks that target the growing mobile economy.
- 47% of transactions now come from mobile devices, with 55% involving new account creations.
- Financial services growth is predominantly driven by mobile transactions, with mobile account creations growing faster than any other use case at 141% year-on-year.
- Europe remains the most mobile region, with 53% of all transactions coming from mobile.
The ThreatMetrix Q2 2017 cyber crime Report, which can be freely downloaded here, “is based on actual cyber crime attacks from April to June 2017 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications".
The company proudly boasts that it is “recognised as the sole Leader in the 2017 Forrester Wave for risk-based authentication".