One in ten new user accounts created to perpetrate fraud: ThreatMetrix

One in every ten user accounts opened online is created by an online criminal using false credentials to support Web-fraud efforts, research from security vendor ThreatMetrix has suggested.

Number-crunching from the company’s Global Trust Intelligence Network, which aggregates information from 1.7 billion security events across 1500 customers and 9000 Web sites, showed a doubling in the frequency of efforts to perpetrate payments fraud using fraudulent accounts – from 3.1 per cent of attacks to 6.4 per cent in the six months to March.

Common fraudulent transactions included creating a profile on a social-networking site, enrolling in an authentication scheme or applying for new lines of credit. Account takeover attempts grew by 168 per cent over the same period, with man-in-the-browser attacks harvesting details and automated scripts testing those credentials for effectiveness.

Other credentials are harvested from unrelated sites, on the basis that many customers reuse credentials across sites; criminals simply test user-name and password combinations until they hit upon one that works.

“Account registrations saw the highest rate of attack among the key customer engagement use cases,” said Alisdair Faulkner, chief products officer with ThreatMetrix, in a statement. “These breaches underscore the relative ease of obtaining a person’s full identity information sufficient enough to bypass most identity verification capabilities.”

The doubling of the attack rate in six months reflected the increasing use of banking malware to steal financial details, as well as an increasing percentage of digital goods within the company’s customer base and expansion of their businesses worldwide.

Also fingered was increasing use of free and commercial VPN services, and growing use of platform-as-a-service providers to set up IP tunnels that help avoid detection. While financial services generally require some level of identity information online and block known fraudsters, attackers most commonly hid their real identity by routing their connections through proxies and VPNs, which can be used to bypass IP address-based blacklists.

The growing focus on financial targets was raising the stakes in online cybercrime defence initiatives, with financial targets naturally increasing as ever higher-value transactions were run online.

“The economic impact of these attacks varies by industry,” Faulkner said. “However, the common thread is that without automated visibility into the true device, persona, relationship and global behaviour, the only alternative is additional verification roadblocks put in front of legitimate customers and extended review and hold-out periods.”
