Warning from ThreatMetrix: Summer Season’s Also Mobile Fraud Tix, Travel and Stolen ID Season
Posted May 28, 2015
ThreatMetrix Offers Cybersafety Strategies to Prevent becoming a Victim While Booking Travel and Buying Tickets on Mobile Devices
Summer vacation. The sun’s up. The guard is down. And individual mobile app usage is on the rise. What a wonderful season for…cybercrime. And cybercriminals have a lot of potential victims to choose from.
Surveys say more Americans planning summer vacations using mobile devices
According to a recent survey by Orbitz.com and the University of Wisconsin, more than two-thirds (68 percent) of Americans plan to take at least one vacation this summer, with an increasing number booking hotels and flights online and via mobile devices. Travel-focused research firm PhoCusWrite estimates mobile travel apps will account for one-quarter of all U.S. online travel sales this year – driving more than $40 billion in revenue – much of which will be generated during the peak travel booking season of July and August.
Andreas Baumhof, ThreatMetrix chief technology officer, warns of huge mobile “app-ortunity” for cybercriminals
“While mobile devices are considered more secure than desktops to a certain degree, mobile apps on these devices can be a mess at times, so consumers must exercise caution when booking travel or purchasing tickets via these apps. As most hotel chains, airlines and ticketing companies have developed their own mobile apps, banks often do not have a holistic view of fraudulent activity across apps – and cybercriminals see this as an opportunity to compromise mobile apps for personal or financial gain.”
Beware of these risks
- Downloading fraudulent apps – With nearly every hotel chain, airline and ticketing company having its own mobile app, cybercriminals create fraudulent apps that look authentic to the everyday consumer. Fraudulent apps can have malware that provides cybercriminals access to personal information that may be stored on devices. To avoid trouble, download official apps from the app store and not a third-party.
- Accessing public Wi-Fi – Public Wi-Fi may save on mobile data usage, but it risks revealing personal information. Limit or eliminate using public Wi-Fi networks for banking and other financial activities. Be aware that cybercriminals often use these networks to intercept an individual’s connection and steal personal information or install malware.
- Purchasing tickets from third party sources – Each year, more than five million Americans purchase fraudulent tickets to concerts, sporting events and other leisure activities. This risk is exacerbated by the increasing use of marketplaces such as Craigslist. Buying tickets from third parties you don’t know well, or from classified ad sites or scalpers can be risky. To not become a victim, purchase tickets from official event websites or approved resellers.
- Storing personally identifiable information (PII) – A key reason many consumers use mobile devices is because it’s easy to store PII such as names, email addresses and credit card numbers. It can save time and keystrokes when returning to an e-commerce website or doing online banking. However, given the recent avalanche of data breaches, (783 in 2014), stolen consumer identities are often used without the individual’s knowledge. Therefore, consumers should limit the amount of PII stored on mobile devices – even if it means spending a few extra minutes to make a mobile transaction.
Baumhof on differentiating between fraudulent and authentic activity
“In light of recent high profile data breaches, hotel, airline and ticketing companies need an understanding of how stolen identities are used in order to differentiate between fraudulent and authentic activity, which can be done by leveraging global shared intelligence. Cybercriminals attempt to use stolen identities for activity such as credit card fraud, phishing and online transactions – and often sell stolen identities to underground crime rings. Shared global intelligence acts as a type of personal digital guardian that works and keeps consumers’ identities protected against getting burned by fraudsters in the summer months and year round.”
The ThreatMetrix Digital Identity Network for real-time intelligence via a persona-based profile
By leveraging a global trusted identity network such as the ThreatMetrix Digital Identity Network, businesses have access to real-time intelligence and protection via a persona-based profile. This safeguards consumers’ information, protecting them from fraudulent activity. It also creates a strong digital assessment on a global network that enables consistent risk assessments of data and creates a digital persona of users through mapping their online behaviors and devices. In this way businesses can differentiate between authentic and fraudulent online activities.