Press Briefing

Rise in Online Mobile Fraud Threats: A Holiday Warning and Prevention Advisory

The official UK Holiday online shopping season is off to a good start, following what early reports suggest was a very busy Cyber Monday. Since consumers in the UK are adopting smartphones at a faster rate than any other country, it is no surprise that they are using mobile devices during the holidays to gather information and make purchases.

In fact, up to ten per cent of all in-store UK sales will be influenced by smartphones this December. Consumers primarily use their smartphone to research prices, create store-shopping lists and engage with friends and family using social media. The influence aspect is set to account for £3.2bn of in-store Christmas sales, while £330m of sales made directly through smartphones and £500m in sales will be made via tablets. **

Retailers have been quick to exploit the mobile channel. Unfortunately, so have cybercriminals. Previously, phishing scams that seek an individual’s private data have been primarily launched through email. But now, text messages are being used to attack unwitting consumers. Called “smishing,” a combination of sms and phishing, these fraudulent messages offer mobile banking services, PPI compensation, instant loans or anything a cybercriminal can dream of to attract attention.

As with “phishing,” legitimate brands can be co-opted so messages look and feel like they come from a trusted source. Consumers face threats that include identity theft and account takeover (where credit cards and bank accounts can be compromised). Companies face payment fraud threats, many coming from criminals using stolen identities.

Mobile devices are also vulnerable to malware, malicious viruses that lie in wait for victims to conduct online transactions or banking sessions. There have been many documented examples with Eurograbber the most recent one. This very dangerous form of malware works through a PC to get to a consumer’s mobile device. Asking for a mobile number during a transaction conducted on a PC, it sends a text message to the mobile phone asking the victim to also update the security on the mobile device. At this point, malware is installed on the mobile device as well. According to a report in the Financial Times, Eurograbber (a variant of the Zeus family of viruses) is responsible for a €36m loss from consumers across Europe.

Applying consistent fraud detection and risk management to mobile transactions is a challenge. Devices like iPhones lack native device identifiers to aid in fraud detection. Until now, mobile apps have operated outside of traditional fraud screening and risk mitigation measures.

This makes it doubly important that mobile consumers be vigilant. Here are some key tips for preventing mobile fraud:

• Always password protect your phone
• Beware of holiday eCards and special offers from unknown sources
• Use a separate, dedicated credit card for online transactions
• Don’t store PIN numbers and passwords on mobile phones
• If a phone is lost, call the bank and change passwords
• Don’t send sensitive information by text
• Put anti-virus software on mobile devices
• Stay away from websites that are unknown
• Be careful when choosing mobile apps
• Lock smartphones when not in use
• Don’t follow links sent in text messages
• Do transactions and banking only on trusted websites

At the same time, companies need to protect their business and their mobile customers by integrating new technologies that detect smishing and block malware. Hassan van de Riet, EMEA Sales Director from leading online fraud prevention company ThreatMetrix, says “It is more important than ever for companies to integrate advanced fraud screening techniques such as malware detection or mobile device identification into their online security.” Advanced anti-cybercrime technologies, such as offered by ThreatMetrix, protect customer data and secure transactions against fraud, malware, data breaches as well as virus attacks. Bringing cloud-based capabilities like VPN Detection, Geo-Location, Proxy Piercing, True OS, malware detection and a host of other device and session verification capabilities to mobile platforms minimises the risk of mobile fraud. Van de Riet goes on to say that “powerful mobile security is essential to maintaining consumer trust – and protecting a company’s brand.”

* Data from comScore
** Deloitte Mobile Commerce Research

About ThreatMetrix

ThreatMetrix is the fastest-growing provider of integrated cybercrime prevention solutions. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, malware protection with TrustDefender™ Cloud and TrustDefender™ Client, as well as TrustDefender™ Mobile for smartphone applications. The company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments, social networks, government, and healthcare. For more information, visit www.threatmetrix.com.

© 2012 ThreatMetrix. All rights reserved. ThreatMetrix, TrustDefender ID, TrustDefender Cloud, TrustDefender Mobile, TrustDefender Client, the ThreatMetrix Cybercrime Defender Platform, ThreatMetrix Labs, and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

Media Contact:

Ariane Eberwein
International Communications
Optimize Interactive
Tel: +352 20-40-8310
Email: ariane@optimize-interactive.com

Download PDF version