A new study from Visa shows that fraud schemes have continued to take advantage of technical misconfigurations by threat actors.
These include using malvertising and search engine optimisation (SEO) techniques to create compelling and successful phishing and social engineering campaigns, using new advanced language model (ALM) technologies, and a greater focus on authentication processes.
Even though the world fraud rate was lower than expected during the reporting period (January to June 2023), Visa said it helped prevent $30 billion in fraud. However, threat actors could pull off well-thought-out fraud plans that affected specific institutions, technologies, and processes.
Ransomware threats keep getting better.
With nearly 460 strikes, March 2023 broke the record for most ransomware attacks in one month, a 91% increase from February 2023 and a 62% increase from the same time in 2022. In a study on ransomware from 2023, exploited vulnerabilities were found to be the most common cause of attacks (36%), followed by stolen credentials (29%).
Interestingly, ransomware attacks and similar threats sometimes specifically target payment data. Instead, they will compromise any data they can access, including payment and personal information. During the study time, there were 40% more enumeration attacks than in the six months before.
58% of all fraud and breach cases were about online merchants, 20% were about stores, and 7% were about ransomware or other fraud schemes.
A noticeable rise in retail-specific plans
In the last six months, there has been a clear rise in retail-specific plans, such as:
False, copied, or fake merchants: Websites that look like those of consumers’ favourite merchants are being used to trick people. These sites are set up to take customer orders but don’t deliver the goods or services bought. Instead, they steal the customers’ payment information.
The growth of bad ads: Some people who want to steal personal information make fake ads. Search engine-optimised scams are used to get people to fall for these schemes. These scams take advantage of what people might be interested in buying legally.
Scams using flash fraud: Flash fraud merchants, also called “bust-out schemes,” are also on the rise; this is when a threat actor sets up a real merchant and takes a small number of real payments to build their reputation. Once the seller has a good track record with payment handling, they suddenly send in a lot of fraudulent transactions, often using stolen payment account information, and then disappear as soon as they get the money from the stolen accounts.
Gift scams: The “gift” scam is a new crypto scam in retail. Bad actors offer a “gift” in a pop-up window and ask the victim to confirm the transaction. When the link is clicked, the malicious payload is run, which includes a file with malicious NFT that lets criminals talk to the victim’s wallet and authorise cryptocurrency transfers from the victim’s wallet to the fraudster’s.
Actions taken against hacking
With the help of law enforcement and government agencies worldwide, Visa’s efforts over the past six months have led to major crackdowns on hacking.
Visa has also helped catch and punish scammers all over the world. In May 2023, the US Secret Service shut down Try2Check, a big cybercrime platform. Operation Urban Justice was a local law enforcement move in California to stop Electronic Benefit Transfer (EBT) fraud. It led to the arrest of 20 people considered part of an Eastern European crime ring. In April 2023, 119 people involved with the cybercrime website Genesis Market were arrested as part of the Genesis Market Takedown, led by an international group of law enforcement agencies.
“We’re happy that fraud has been lower than expected in the last few months, but this edition of the Biannual Threats Report shows how smart fraudsters still are,” said Paul Fabara, Visa’s Chief Risk Officer. “Visa uses new technology like thieves do, and the fact that $30 billion of fraud was stopped in the last six months alone is a great sign.”