Online fraud matured well beyond expectations during the pandemic. Access to rapidly growing leaked records – such as the 8.4 billion passwords leaked in the RockYou2021 breach – have armed bad actors with the fundamental tools needed to execute larger and more devastating attacks than ever. In fact, fueled by the rapid acceleration of the Fraud Economy, fraudsters cost the world over $1 trillion in 2020 alone.
What is the fraud economy?
It’s important to understand that fraud attacks aren’t siloed. Information stolen from data breaches and the Dark Web allow bad actors to repeatedly execute more sophisticated types of attacks.
While a data breach on its own may not be enough for cybercriminals to execute immediate attacks, access to information like an email address can help bad actors conduct scams like phishing and other social engineering attacks. With access to a username and a password, fraudsters can easily take over user accounts and wreak havoc for both the consumer and the businesses they interact with.
Fraud economy growth, impact & new tactics
The relentless disruption felt across every industry as the world went digital exposed the depth of the Fraud Economy, and the dangers it poses to businesses across all industries.
Let’s take a look at how bad actors evolved their tactics to take advantage of the pandemic’s impact on business and our everyday lives over the last year:
Surge in fraud in unexpected places
Fraudsters’ activities act as a barometer of economic trends. Following the money allows them to fly under the radar of high traffic industries to commit illegal activity.
However, instead of solely focusing on high traffic industries, bad actors have begun targeting industries hit hardest by the pandemic. For example, fraud rates in the lodging and transportation industry surged by 71% and 42%, making them the top industries most impacted by fraudsters in 2020.
With the pandemic almost halting travel, you may be asking why fraud rates were so high in the lodging and transportation industry. It’s important to know that bad actors always look for merchants’ blind spots. Taking advantage of low user account activity across the travel industry, cybercriminals targeted dormant (or, not used) accounts to steal rewards points and credit card details.
The rise of the opportunistic fraudster
With nearly every facet of our lives turned digital, cybercriminals seize every opportunity to infiltrate the Dark Web and beyond. Forced out of many Darknet forums, due to recent crackdowns, bad actors have set their sights on secure messaging apps to conduct fraudulent activity.
As a section of the Deep Web, a part of the internet not indexed by search engines, secure messaging apps are a haven for professional criminals to remain anonymous while wreaking havoc and turning a profit. But, as an accessible platform to almost everyone around the world, these applications have become an attractive vehicle for new fraudsters to experiment with little risk.
While fraud newcomers may not be the ones stealing data from the Dark Web, they do highlight an important shift in the Fraud Economy. It no longer takes a group of state-sponsored hackers with years of experience to take down a business. Small but frequent attacks, such as professional bad actors offering opportunistic fraudsters a cheap meal at a discount using a stolen credit card and fraud scripts/playbooks on how to commit particular types of attacks, can have a huge impact on businesses’ bottom line. While these aren’t the most sophisticated attacks, merchants are often overwhelmed by the volume of new attacks, especially as the activity on messaging app forums continues to rise.
Payment fraud has become a mobile enterprise
In many ways, fraudsters mimic consumer behavior. So, as consumers embraced mobile shopping by setting a record high of over $284 billion in 2020, bad actors turned to mobile as well.
Today’s fraudsters focus less on careful, covert crimes and more on getting what they want however they can. Tapping their mobile devices provides bad actors with the ease to commit fraud at any time anywhere, which is why 62% of payment fraud was executed from mobile devices in 2020. The convenience offered by mobile, allows them to shoot for more valuable targets far more frequently. Seizing on climbing transaction volumes and changing consumer behaviors, bad actors are making larger attacks, driving the average attempted fraudulent purchase to over $2,000 – a 69% year-over-year increase.
As e-commerce becomes more ingrained and ultimately the preferred way of shopping, these emerging tactics will only become more frequent. The key to staying ahead of new types of fraud and abuse is by evolving beyond legacy approaches and adopting a Digital Trust & Safety strategy – one that dynamically addresses fraud while creating a more seamless experience for legitimate customers. By implementing new processes and technologies, such as machine learning, merchants can better defend their business in 2021 and beyond.
