Rise in Online Mobile Fraud Threats: A Holiday Warning and Prevention Advisory
Posted December 12, 2012
The official UK holiday online shopping season is off to a good start, following what early reports suggest was a very busy Cyber Monday. Since consumers in the UK are adopting smartphones at a faster rate than in any other country, it is no surprise that they are using mobile devices during the holidays to gather information and make purchases.
In fact, up to ten per cent of all in-store UK sales will be influenced by smartphones this December. Consumers primarily use their smartphones to research prices, create store-shopping lists and engage with friends and family using social media. This influence is set to account for £3.2bn of in-store Christmas sales, while £330m of sales will be made directly through smartphones and £500m via tablets.**
Retailers have been quick to exploit the mobile channel. Unfortunately, so have cybercriminals. Previously, phishing scams that seek an individual’s private data were launched primarily through email. But now, text messages are being used to attack unwitting consumers. Called “smishing,” a combination of SMS and phishing, these fraudulent messages offer mobile banking services, PPI compensation, instant loans or anything else a cybercriminal can dream up to attract attention.
As with “phishing,” legitimate brands can be co-opted so messages look and feel like they come from a trusted source. Consumers face threats that include identity theft and account takeover (where credit cards and bank accounts can be compromised). Companies face payment fraud threats, many coming from criminals using stolen identities.
Mobile devices are also vulnerable to malware: malicious software that lies in wait for victims to conduct online transactions or banking sessions. There have been many documented examples, Eurograbber being the most recent. This very dangerous form of malware works through a PC to get to a consumer’s mobile device. After asking for a mobile number during a transaction conducted on a PC, it sends a text message to the mobile phone asking the victim to also update the security on the mobile device. At this point, malware is installed on the mobile device as well. According to a report in the Financial Times, Eurograbber (a variant of the Zeus family of viruses) is responsible for a €36m loss from consumers across Europe.
Applying consistent fraud detection and risk management to mobile transactions is a challenge. Devices like iPhones lack native device identifiers to aid in fraud detection. Until now, mobile apps have operated outside of traditional fraud screening and risk mitigation measures.
This makes it doubly important that mobile consumers be vigilant. Here are some key tips for preventing mobile fraud:
- Always password protect your phone
- Beware of holiday eCards and special offers from unknown sources
- Use a separate, dedicated credit card for online transactions
- Don’t store PIN numbers and passwords on mobile phones
- If a phone is lost, call the bank and change passwords
- Don’t send sensitive information by text
- Put anti-virus software on mobile devices
- Stay away from websites that are unknown
- Be careful when choosing mobile apps
- Lock smartphones when not in use
- Don’t follow links sent in text messages
- Do transactions and banking only on trusted websites
At the same time, companies need to protect their business and their mobile customers by integrating new technologies that detect smishing and block malware. Hassan van de Riet, EMEA Sales Director at leading online fraud prevention company ThreatMetrix, says, “It is more important than ever for companies to integrate advanced fraud screening techniques such as malware detection or mobile device identification into their online security.” Advanced anti-cybercrime technologies, such as those offered by ThreatMetrix, protect customer data and secure transactions against fraud, malware, data breaches and virus attacks. Bringing cloud-based capabilities like VPN Detection, Geo-Location, Proxy Piercing, True OS, malware detection and a host of other device and session verification capabilities to mobile platforms minimises the risk of mobile fraud. Van de Riet goes on to say that “powerful mobile security is essential to maintaining consumer trust – and protecting a company’s brand.”
* Data from comScore
** Deloitte Mobile Commerce Research
ThreatMetrix®, The Digital Identity Company®, is the market-leading cloud solution for authenticating digital personas and transactions on the Internet. Verifying more than 20 billion annual transactions supporting 30,000 websites and 4,000 customers globally through the ThreatMetrix Digital Identity Network®, ThreatMetrix secures businesses and end users against account takeover, payment fraud and fraudulent account registrations resulting from malware and data breaches. Key benefits include an improved customer experience, reduced friction, revenue gain and lower fraud and operational costs. The ThreatMetrix solution is deployed across a variety of industries, including financial services, e-commerce, payments and lending, media, government and insurance.