Increase In eCommerce Fraud
A company who serves as a data sharing platform for merchants to stop on-line fraud, recently provided IC3 with the below information describing how there has been an increase in fraud attempts incurred by on-line merchants.Since mid-March, merchants have experienced a serious increase in fraud attempts. The following four theories were studied and considered as explanations to the increased attempted fraud. The nature of the fraud attempts was that criminals had the complete identity information: name, address, email address, and IP address of the consumer.
-
Theory One – "Stolen Data" – one of the recent major data breaches included
credit card numbers, and the fraudsters are using the data.
This theory is the least likely, because the fraudsters who attempted these attacks have more details than were included in the data breaches.
-
Theory Two – "Spear Phishing" – a major recent data breach that compromised
email accounts is being used by the criminals to target consumers with really good
phishing emails, referred to as spear phishing. The fraudster knows the consumer
conducts business with a specific company. The fraudster creates a targeted email
from the company who conducts business with the consumer, and is able to collect
enough information to compromise the consumer.
To study this theory, the Anti-Phishing Working Group's (APWG) phishing map was researched. In the past 12 months, phishing in the U.S. was at a rate of 38%, and in the past 90 days, the site reports phishing attacks at 51.33%, which is a significant increase.
While phishing may be a contributor to the increase in fraud attempts, this theory has been declined, because with phishing information, when eCommerce orders are placed, there is some degree of inaccurate information, and the information is often "tested."
-
Theory Three – "Malware" – malware has spread and become more vicious.
While the malware is more vicious, an impact on eCommerce has yet to be determined;
although it may come in the future. Additionally, according to data on the APWG's
website, malware for the past 12 months in the U.S. was 35.85%, and in the past
90 days was reported to be 25.48%. Based on these numbers, malware attacks are actually
down according to the website.
A study was conducted with merchants participating in a program associated with the data sharing platform company. No link was found in confirmed fraud from merchants and malware tools or any other recognizable pattern.
-
Theory Four – "Fake eCommerce Donation Sites" – After researching this
theory, it is believed the increase in fraud attacks is tied to fake donation sites
that took advantage of the earthquakes and Tsunami in Japan. This belief is supported
because the fraudsters have the exact information on the data elements for making
purchases, and the accuracy rate is very good. Therefore, it is most likely the
data is being collected from fraudulent sites that took donations from the devastating
earthquakes and Tsunami in Japan. It is believed the fraudsters used social networks
to promote the donation sites to expand their reach farther and faster than has
been viewed in previous years.
The timing is exactly right; other major tragedies have been viewed as the cause to increased fraud spikes – such as Hurricane Katrina. In fact, fake donation sites were such a problem for Katrina, the National Center for Disaster Fraud (NCDF) was originally established by the Department of Justice to investigate, prosecute, and deter fraud in the wake of Hurricane Katrina. Its mission has expanded to include suspected fraud from any natural or man-made disaster. More than 20 federal agencies, including the FBI, participate in the NCDF, allowing it to act as a centralized clearinghouse for information related to relief fraud.
Richard Figley
Independent Associate
www.800-DO-A-WILL.com
ID Theft Shield
Looking for a New Career?
No comments:
Post a Comment