The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
Account takeover fraud — which occurs when a cybercriminal gains unauthorized access to an online account — is growing rapidly, a new analysis by a major Canadian cybersecurity company shows.
Vancouver, British Columbia-based NuData Security, which predicts and prevents online fraud, analyzed more than 15.7 million login interactions from May through June and identified 882,340 as high risk or potential account takeover attempts.
“Account takeover is the new credit card fraud,” says Ryan Wilk, the company’s director of customer success.
The most common method of account takeover, he says, begins with obtaining a list of user names and passwords.
“Fraudsters employ a variety of techniques to obtain the personal and financial information typically needed to take control of an existing account,” Wilk says. “This can be as simple as Dumpster diving and looking through people’s mail to purchasing packages of Fullz on the Web black market.”
In Dumpster diving, a hacker obtains data about a user, so the hacker can impersonate the user and gain access to the user’s profiles or other restricted areas of the Internet. Fullz is a slang term used by hackers and data resellers for full packages of individuals’ identifying information, which may include a person’s name, Social Security number, birth date, account numbers and other data.
Nearly 60% of more than 500 million online account creations NuData Security analyzed from May through July “were flagged as high risk or fraudulent.” That percentage is a huge increase from 28% flagged as high risk or fraudulent from February through April.
An account creation is the act of opening a new account such as establishing a new user profile and an account on Amazon.com or eBay.
“We’ve seen that account creation fraud has increased by more than 100% since February 2015,” Wilk says. “These cybercriminals or bad actors are finding new ways to conceal their location. They are moving quickly from one IP address to another to steal valid credit card accounts, as opposed to cycling through hijacked credit card information based on lists stolen from databases.”
Nearly half of all account registration fraud attempted in May involved creating false accounts to deliver false product ratings, NuData Security’s analysis shows.
“While review fraud is on the rise, the techniques are getting more sophisticated, and the number was slightly higher than anticipated,” Wilk says.
“Credit card fraud is passé, and account takeover is the new credit card fraud,” he says. “Much like a virus reacts to a vaccine, hackers develop new ways to penetrate security systems as the old methods become ineffective. Shifting tactics is just one way hackers have become more sophisticated in their efforts to stay ahead of detection efforts.”
Fraudsters are moving beyond payment card details, Wilk says, and are instead targeting data such as Social Security numbers, addresses and bank account information.
“The more information criminals collect from an individual, the easier it is for them to actually commit fraud using that info,” he says. “That’s why the recent Office of Personnel Management breach (in which cybercriminals stole information about more than 20 million federal employees, contractors and others) was particularly concerning. The bad actors look for the path of least resistance and are becoming more sophisticated daily.”
Detecting the source of a cyberattack can be difficult because cybercriminals can launch online assaults from infected computers worldwide, Wilk says. From May through July, most attacks observed by NuData Security originated in China and the United States, he says. Other countries from which a large amount of “malicious behavior” originated were Saudi Arabia, the United Kingdom, Malaysia and Brazil.
“The U.S. is home to members of some of the world’s most notorious hacker groups, including Anonymous and AntiSec,” Wilk says. “China has a sophisticated network of hackers. Some are connected to the China’s military, though the extent is unknown, and the government and officials continue to deny China’s involvement.”
Developing countries’ bad behavior can be attributed to “an overabundance of technologically trained young people with low-paying jobs,” he says.
Businesses should protect themselves from fraudsters by implementing user behavioral analytics to help verify valid users, Wilk says. “By implementing user behavior analytics, fraud can be detected and predicted before it causes damage to a business.”
[Editor’s Note: Detection is the first step to stopping new account fraud or identity theft. You should check your financial accounts regularly for signs of fraud. You can also keep an eye on your credit reports and scores for signs of fraud. You can get free annual credit reports under federal law at AnnualCreditReport.com. You can also check your credit scores for free once a month at Credit.com.]
Image: iStock
October 19, 2023
Identity Theft and Scams
May 17, 2022
Identity Theft and Scams
May 20, 2021
Identity Theft and Scams