June 20 — Financial fraud originating in North America has doubled in the last quarter. In fact, more than half of all fake accounts targeting online and financial services in North America and Europe originate from the U.S., far, far more than fraudulent accounts coming from Southeast Asia and Eastern Europe, regions that have historically been associated with fraud.
According to the “DataVisor Fraud Index Report” for Q1 2018, fraud has increased globally, up 50 percent between Q4 2017 and the present. DataVisor detected a total of 900 million malicious activities and transactions in the last quarter alone.
More disturbing for U.S. banks are in the increases in financial fraud originating in North America. While China, India, Southeast Asia and South America create most of the fraud using device emulators and click and install farms, fake accounts and financial fraud are on the rise in North America. The U.S. alone saw a 26.8 percent increase in fraudulent accounts in just the last quarter alone. Compare this to Russia, of all countries, which actually saw a 5 percent decrease in fraudulent accounts and whose fraudsters only target financial services 2 percent of the time.
DataVisor’s report suggests, “This could be due to online services blocking or requiring additional authentication steps for overseas activity, forcing fraudsters to route their traffic through data centers, compromised hosts or proxy services located in the U.S.”
Types of attack vary by target. For instance, attacks on social platforms usually take the form of spam, but fake followers and changes to profile information are not uncommon. For the financial industry, 50 percent of attacks falsely update banking information, while 31 percent result in fraudulent transactions, 15 percent change logins/logouts and 4 percent create fake accounts.
Attacks on the financial industry are also less likely to be coordinated. “In this case, the attacks are more stealthy and conducted using manual methods so as to blend in with normal users and avoid detection,” the report states. “The average attack campaign … involves only six fraudulent accounts.”
For comparison, look to social platform attacks — the average attack campaign targeting these platforms include 104 fraudulent accounts, and the largest campaigns can involve hundreds of thousands of accounts. However, Datavisor suggests that fraudsters targeting the financial industry simply don’t need to create that many accounts. The rate of return on one successful financial fraud attack is much higher than those on social platforms, where often thousands of fake accounts are required to collect the same dollar amount.
Overall, the report had two main takeaways: 1) Fraudsters are constantly evolving their attack patterns to evade detection; and 2) Fake accounts are becoming harder and harder to detect as they mimick legitimate users so closely.
“In addition to cloud services,” the report concludes, “fraudsters also take advantage of compromised and/or misconfigured devices as proxies to route their network traffic. They also employ various techniques to blend in with legitimate users such as using common email domains and spoofing user agent strings to fake their operating system and browser.”