Fake app mobile fraud is hitting retailers hard, with attacks rising by 191% in the first half of 2019, with cyber criminals using the trust legitimate brands garner to commit crime.
So finds a new global fraud report from digital risk management experts RSA Security, the results of which were were gathered by RSA’s Fraud and Risk Intelligence (FRI) unit, a team of experts who infiltrate cybercriminal groups to unearth fraud campaigns and track their proliferation.
Worryingly, the total number of global fraud attacks the team detected in the first half of 2019 was 63% higher than the number detected in the second half of 2018, rising from 86,344 to 140,344.
Fraud attacks originating from fake mobile applications rose by 191% in the first half of 2019 (to more than 57,000), as cybercriminals continue to abuse legitimate brands as a channel to commit fraud.
E-commerce payment fraud attempts originating from a ‘trusted’ account – with one known to the RSA fraud system for 90+ days – but a ‘new’ device increased from 20% to 80% of total e-commerce fraud, as perpetrators double-down on account takeovers as a means to evade fraud detection.
There was an 80% rise in financial malware attacks in the first half of 2019, with fraudsters spotted using adapted versions of the old Ramnit Banking Trojan to circumvent defences; for instance, the fraud team found it’s now being distributed via executable files that are downloaded and opened by unknowing users.
Daniel Cohen, Director of the Fraud and Risk Intelligence Unit at RSA Security commented on the findings: “The digital transformation of finance is well underway and yet, this transformation is a double-edged sword; while digital has created opportunities for organisations to improve customer experience, it also introduces new digital risks that need to be managed. Take for example the number of digital touchpoints that consumers can engage with to access financial services: these have increased dramatically through initiatives such as open banking and this widens the attack surface that fraudsters can take advantage of.”
He continues: “The fact that fraud via fake mobile applications tripled in the first half of 2019 is testament to how perpetrators will constantly seek out weak points. Here, they are exploiting consumers’ growing trust in mobile apps as a means to interact with brands and make purchases. To keep pace with constantly evolving tactics, banks need to take a layered approach to proactively manage the risk of fraud across all channels. This will help them embrace the opportunities that come with digital transformation whilst maintaining confidence in their ability to detect and respond to fraud, protecting both themselves and their customers.”
Cohen concludes: “It’s also essential that, as consumers, we all stay vigilant of new digital risks and there are several simple steps we can follow. Firstly, avoid clicking on links in text messages or emails from unfamiliar senders as this lowers the chance of having your bank details stolen, or malware being installed on your device. It’s also important to keep track of bank transactions; often, fraudsters will start with smaller purchases to test the water, so monitoring bank accounts closely is vital to catch fraudsters early. Finally, in light of the rise in fake mobile apps, download new applications with caution, make sure to verify the publisher and pay close attention to what data permissions each app requests.”