Digital criminal gangs are expected to ramp up their activity against e-commerce companies over the weekend, drawing shoppers with Black Friday retail bargains, fraud and identity experts say.
The scam has several different modus operandi, primarily using stolen card information to carry out Card Not Present (CNP) fraud against e-commerce companies. It results in losses for merchants or issuing banks, Pratik Choudhary, manager of fraud and identity strategy at LexisNexis Risk Solutions, told his Al Arabiya English.
Follow our Google News channel online or in the app for the latest headlines.
“We expect account takeovers to change passwords and delivery information. We also expect an increase in synthetic identity fraud attacking industries such as telecommunications and pay now providers,” Choudhary said. I’m here.
He explained that scammers no longer operate in isolation, but within efficient networks of highly specialized cybercriminals. “Fraud attacks will continue to be targeted and more efficient,” he added.
There are several techniques criminals use to steal money. Account takeover fraud is when fraudsters use stolen credentials to take over a genuine account and collect PII (personally identifiable information), he said. You can then change details such as your shipping address or product purchases using the card-on-file in your account.
He described the synthetic ID as a modern-day Frankenstein monster. Scammers use data points such as home addresses and social security numbers to extract data from multiple people, both living and dead, to create new fake identities.
“This fake ID can be used to earn credit or purchase products under contract without any intention of repaying the credit,” he explained. “This is a particular problem for pay now providers and the telecommunications industry.”
For example, Choudhary points to a case where a synthetic ID passed a fraud check and criminals purchased multiple mobile phones on a 12-month contract. “The scammer said he only paid for one month and has no intention of paying back the rest of the contract amount,” he revealed. This leaves the victim with her 12-month contract bills, which are often difficult to break.
Malicious bot attacks grew 38% year-over-year (YoY) in the first half of 2022. Bot attacks are used to test stolen credentials sold on the dark web.
“These bot attacks are automated and test multiple username and password combinations at scale,” Choudhary said. “In many cases, they target an industry with relatively poorer fraud prevention than the banking industry to collect the victim’s PII,” he explained.
Scammers no longer operate in isolation, but within efficient networks of highly specialized cybercriminals. (stock photo)
“They want to successfully enter the e-commerce business ecosystem or take advantage of stolen credit/debit card details to maximize their chances of fraudulently purchasing products. “Genuine customers may spread their spending across multiple businesses. There is,” he concluded.
mobile cyber attack
Over 75% of transactions on LexisNexis’ Digital Identity Network were mobile (in-app or via mobile browser).
According to Choudhary, consumer preferences, massive digitization strategies by businesses and governments, and lockdowns during COVID-19 have made mobile now the norm for consumers in developed and developing countries. is shown.
“Our share of attack analytics shows that mobile attacks are also up and desktop attacks are down from early 2019,” he said. In the second half of 2021, the breakdown share of attacks by channel was split as desktop (40%), mobile browser (29%) and mobile his desktop (31%), he added.
Choudhary explained that speed of purchase is critical for e-commerce businesses, especially during high-volume sales events, and trusting mobile devices in near-real time is critical to conversions and revenue.
“For merchants, this holiday season, multiple factors will be key to thwarting bad actors and realizing revenue through the right deals,” he said. “Contextualizing digital transactions made on mobile devices through the power of global digital networks, securing trust tags on mobile devices of returning customers, and knowing behavioral biometric interactions with genuine customers’ devices are all critical. .”
according to 2022 Stay Secure Survey Nearly one in three UAE online shoppers still struggle to identify fraud or fraud, according to a study conducted by digital payments giant Visa and Dubai’s Ministry of Economy and Tourism.
The survey results were announced in August. Most respondents said they would like to know more about how their personal information is processed and protected before providing it to an e-commerce website.
“The fact that one-third of consumers are still unable to identify potential fraud raises the need for all parties. payment ecosystem We will continue to work together to ensure that consumers are protected,” Neil Fernandez, Visa’s head of risk for the Middle East and North Africa, said in a press statement announcing the study.
Additionally, almost three-quarters of those surveyed said they want to know how security technology works to help them trust digital payment methods, prompting payment industry stakeholders to focus on consumer education. It emphasizes that you should
The survey also found that 84% of consumers said the security of payment features offered on merchant websites was the top reason they chose to pay online over cash on delivery (COD). understood.
Choudhary offers advice to ordinary consumers who want to buy goods online and avoid becoming a victim of fraud, stressing the need to understand scams and how to get scammed. Did.
He suggested customers change their passwords regularly, allowing them to use different passwords for their e-commerce, streaming sites, and bank accounts. He also suggested avoiding public Wi-Fi.
Taking such precautions into account “makes you think twice when a scam targets you,” he said.
The growth of online shopping, spurred by the pandemic, has created a perfect storm for cybercriminals who have found fertile ground for inventing new ways to attack and defraud people online.
In July of this year, cybercriminals launched a massive phishing campaign targeting users in the Middle East, masquerading as over 13 well-known shipping and postal operators, which resulted in a UAE-based cybersecurity firm. This was revealed in a Group-IB report.