As fast as online service technology evolves, fraudsters find loopholes. We\u2019re at a crucial point of change in combatting new hacking tools and fraud schemes.<\/p><\/blockquote>\n
So what\u2019s changed, and what\u2019s changing?<\/p>\n
Bots fake loyalty<\/h2>\n
Ecommerce customers often receive bonuses as part of loyalty programs, such as for registering, giving reviews and referring friends. With bots, fraudsters create numerous fake accounts and receive bonuses just as real users do. The fraudster then uses the bonuses to buy goods at a big discount for resale.<\/p>\n
Bots are taking the best seats<\/h2>\n
Research by Distil Networks estimates some 40 percent of traffic to ticket sales sites comes from bots<\/a>. Fraudsters buy gig, show and sports event tickets with bots, reselling on social media, peer-to-peer sites or ticket resale sites when the event is sold out. This means fans are finding it harder to get tickets and end up paying more.<\/p>\n Cyberfraudsters also use web crawler bots (used legitimately by search engines to give accurate results to search queries) to \u201ccrawl\u201d ecommerce competitor websites, recording pricing and making theirs more competitive. They may also steal unique content like images and product descriptions to use on their website, damaging the search rankings of the original website because search engines penalize sites with duplicate content<\/a>.<\/p>\n In 2019 a new generation of \u201chuman bots\u201d emerged, designed to mimic human behavior impeccably. Previously, bots moved around web pages in repetitive and simple navigation patterns. The new-generation \u201chuman bots\u201d do things humans do, like shake the mouse and make rapid movements.<\/p>\n This new human-like behavior is a problem for anti-fraud systems. So far, many have relied on these human foibles to tell bot from human.<\/p>\n The easiest way for fraudsters to attack online businesses is through customers. They use manipulative strategies known as social engineering<\/a>. They either scare people or earn their trust to get credentials like logins and passwords, and other personal information. It\u2019s a fraudster, of course. The app grants remote access, mirroring the screen of your device and letting the fraudster steal personal information like your full name, address or social security number.<\/p><\/blockquote>\n They then sell your personal information on the dark web<\/a>, opening doors to all kinds of fraud, like using your name and bank account to apply for loans.<\/p>\n Remote access tools (RATs,) used legitimately by IT support teams in many organizations to access your computer screen to resolve issues, are a powerful tool for fraud in the wrong hands. Fraudsters often target accountants because they work with payment orders. The fraudster accesses the victim\u2019s screen without their knowing and substitutes bank details for their own.<\/p>\n You may recognize the methods employed in these growing attacks. Some are not new. Here are three emerging cyberfraud trends.<\/p>\n Cybercrime is an easy way to make money without leaving home. This has led to rapid growth in \u2018fraud as a service (FaaS.)\u2019 FaaS makes internet fraud less challenging for newcomers, and so increases the number of people involved.<\/p>\n On dark web forums, illegal websites or social media, anyone can buy a set of hacking tools and a leaked customer database, then pay for training on how to make illegal money.<\/p><\/blockquote>\n Costs range from just 5 US dollars for stolen credit card data, to thousands of dollars for extensive fraud execution courses. The market is booming. Underground digital markets sell bots, digital fingerprints for remotely accessing devices and anonymizer tools that make internet activity untraceable.<\/p>\n Cybercriminals often target small- to medium-sized businesses (SMBs) in finance who\u2019ve been acquired by large players, while they adjust their security to meet the buyer\u2019s requirements. Kaspersky found, by analyzing dark web forums and chats<\/a>, criminal groups target these smaller organizations, then resell access to both organizations\u2019 internal networks. They predict an increase in this kind of activity, especially in Africa, Asia and Eastern Europe.<\/p>\n We all love convenient and quick purchases like Amazon\u2019s 1-click ordering<\/a>, despite that these methods usually mean saving and sharing more of our personal information. Yet, a month can\u2019t pass without a high-profile data breach<\/a> from a bank, online store or telecommunications company. Sometimes sensitive personal customer data is exposed, such as biometrics<\/a>.<\/p>\n We\u2019re also seeing the rise of impersonation methods where one person\u2019s image is replaced with another, using advanced audio, photo and video editing, known as deepfakes<\/a>. Fraudsters have already used deepfake voice imitation and social engineering to impersonate a CEO successfully<\/a>.<\/p>\n These six steps will help your business put in place the strong front against cyberfraud.<\/p>\n With growth, or any kind of change in business, comes the possibility of new risks of fraudulent activities. Make sure identifying opportunities for fraud is part of your risk assessment activity.<\/p>\n Look at the design of your digital services and loyalty program from a fraudster\u2019s point of view. Try to find \u2018loopholes\u2019 they could exploit.<\/p>\n These systems may, for example, analyze online sessions, monitor transactions and analyze payment behavior. They help avoid the financial, reputational and legal consequences of fraud and cut operational costs, such as support team time.<\/p>\n Put detection and protection measures in place, such as using a web application firewall (WAF)<\/a> to protect against bots and a solution to protect against Distributed Denial-of-Service (DDoS) attacks<\/a>.<\/p>\nCrawlers are copying prices and photos<\/h2>\n
Bots are getting more like us<\/h2>\n
How fraudsters manipulate<\/h2>\n
\n![\"cyber](\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2020\/06\/09031702\/114_fraud_prevention_report_inline-1-1024x768.jpg\")
\nImagine you get a call from someone saying they\u2019re with the security department of an ecommerce site you visit. They say someone has tried to buy a high-value item with your credit card and that to stop the transaction, you must download an authentication app.<\/p>\nTrend 1: Fraud as a service<\/h2>\n
Trend 2: Resale of bank account access<\/h2>\n
Trend 3: Data leaks and deepfakes<\/h2>\n
The best ways to protect your business from today\u2019s fraudsters<\/h2>\n
1.\u00a0\u00a0\u00a0 Assess risks<\/h3>\n
2.\u00a0\u00a0\u00a0 Review product design<\/h3>\n
3.\u00a0\u00a0\u00a0 Use a fraud detection and prevention system<\/h3>\n
4.\u00a0\u00a0\u00a0 Strengthen your security<\/h3>\n
5.\u00a0\u00a0\u00a0 Strengthen your team<\/h3>\n