Fraudsters Go Local and Undercover in Q1 … But We Still Spot Them

Posted May 13, 2015

Fraudsters Go Local

The Internet has brought us all closer together. It has enriched our lives, made us more productive at work and allowed businesses to expand with greater agility into previously untapped markets. But we often hear that the Internet also provides a dangerous mask of anonymity to criminals, who launch cyber attacks across borders with impunity, knowing they can’t be caught because they’re sat in a different jurisdiction. That’s why it’s interesting to see that more and more online fraudsters have actually been focusing their scams on local users recently.

The latest ThreatMetrix® Cybercrime Report: Q1 2015 has found that the majority of fraud attacks from October 2014 to March 2015 originated from and targeted the same country. It’s intelligence like this and many other insights in the report which will help us better protect our customers and further the fight against fraud globally.

Staying local

The top 5 attack origination and target countries were Canada, the U.S., France, UK and Germany. In the UK nearly three-quarters (72%) of fraudsters came from within the same country, and the figure was even higher in Germany (81%), Russia (85%), France (87%), and Italy (94%).

We know this because our technology specifically looks for fraudsters’ attempts to hide their true location through proxy servers and VPNs – something they’re doing with increasing regularity to escape detection. We can also say that most attacks originated in countries with a high volume of online and mobile transactions.

This isn’t to say, of course, that cyber crime isn’t still a global affair. In the case of the UK, for example, the second biggest concentration of scammers defrauding British consumers was in Mexico, followed by Nigeria, Germany and the U.S. Cross-border cyber crime remains a very real threat requiring greater co-operation between governments and law enforcement to stamp out.

At this point, it’s worth mentioning that these ThreatMetrix® stats are among the most comprehensive you’re likely to find in the industry, anywhere in the world. We source them from our Global Trust Intelligence Network, which analyses one billion transactions every month on behalf of more than 3,000 customers and 15,000 websites worldwide.

Key themes

So what else can we say about the ever-evolving nature of fraud over the past two quarters? Here are a few more insights from the report:

  • ThreatMetrix spotted 11.4 million fraud attempts during the peak holiday shopping season (Nov-Dec 2014)
  • Cloaking/spoofing attacks rose, driven by an increase in the use of sophisticated crimeware tools, readily available for fraudsters to buy on underground forums
  • Device spoofing remains the top attack vector, accounting for 6.1% of transactions
  • Account log-ins (80%) and payments (18%) were the most popular transaction types during the period but…
  • …Account creation fraud was the highest risk – with a 4% share of fraudulent transactions, rising to 6.7% in the e-commerce sector. Fraudsters are making use of the vast quantity of breached identities available on the underground markets plus crimeware tools than can cloak traffic to trick first generation fraud prevention tools.
  • Mobile commerce represents around one third of the total. But, whilst growing, mobile fraud remains significantly below that on desktops.

Better together

  • We’ve seen how resourceful, determined and agile the bad guys are. As increasing numbers look to tap new vectors, using crimeware tools to hide their identities and ever-available troves of breached ID data to carry out successful scams, businesses are struggling to differentiate fraudster from legitimate customer. Some react by installing overly aggressive anti-fraud tools that cause basket abandonment and end up costing more than fraud losses themselves. So how should we respond?
  • The answer is a joined-up, global, networked approach. With the power of our huge network of shared anonymous transactional data we can spot patterns others miss. This underpins a context-based authentication approach, which sees through typical cloaking tools and obfuscation methods used by fraudsters. It checks against a series of unique attributes associated with a user (think log-in habits, typical locations, shipping info etc) to spot whether a transaction is authentic or not.

It’s fast, simple, friction-free and highly reliable. That’s how we beat the fraudsters.

Check out the ThreatMetrix® Cybercrime : 2015 to find out more about the latest fraud trends.

ThreatMetrix

ThreatMetrix

close btn