Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:55 PM
Connect Directly

Likeliest Fraudsters Are, Or Claim To Be, 85-90 Years Old

New report paints a composite picture of the 'Fraudiest Person in America'

Buyers who are 85 to 90 years old -- or claiming to be -- are 2.5 times more likely to be fraudsters, according to new research by fraud detection provider Sift Science.

Although Sift Science analyzes transactions across the globe, they limited this study to a sample of with shipping or billing address in the U.S. They cross-referenced their transaction data with third-party data from FullContact to identify gender and age.

By examining the shipping addresses, researchers can ascertain where fraudsters (or reshippers they use) operate from, and billing addresses indicate where the most credit card data is stolen from. Generally speaking, researchers found that accounts were mostly stolen from the West coast and mostly used to ship items to the East coast, particularly the SouthEast. The fraud rate -- both shipping and billing -- was low throughout the MidWest.

More specifically, the state with the highest fraud rate based on billing addresses was Alaska, and the state with the highest fraud rate based on shipping addresses was Delaware, followed by Florida and Georgia.

The researchers found that the rate of e-commerce fraud was high in the same regions where robbery and unemployment rates were also high; they did not find a correlation between online fraud and any other kinds of crime. They also did not find any distinct difference between urban or rural areas, nor regions that traditionally voted Republican or Democrat.

It isn't buyers of splashy vacations or luxury items to look out for. Purchases of $20 or less are 2.16 more likely to be fraudulent than others -- and the smaller the amount, the more likely it's fraud. The reason is, fraudsters make micropurchases to test out stolen credit card data to see if it's still valid.

Most fraud happens during weekdays and 3 a.m. is the most fraudulent time of day -- regardless of time zone -- which leads researchers to believe that fraudsters work regular, late-night shifts.

Although some criminals are making efforts to dodge fraud detections by letting accounts sit idle for as long as 60 days before conducting criminal activity, accounts that are less than three days old are still three times more likely to be fraudulent. Plus, when multiple accounts (for the same site/service) are running from one device, it is more likely those accounts are fraudulent. If two to four accounts are on a device, it's eight times likelier they are fraudulent; if four to eight accounts, it's 14 times likelier. 

"When viewing this data, keep in mind The Fraudiest Person in America represents a composite of separate strong fraud signals, not a single individual who embodies all of these qualities," the report states. "(So, don’t assume that an 88-year-old Alaskan man buying socks for his grandson in Delaware is a fraudster…)"

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
10/22/2015 | 2:58:25 PM
Vigilance is key
If I was a malicious intender, I would take the approach of siphoning in small increments as well. I know many people that rarely check their financial accounts online and a small transaction would slip through possibly even if they did. The key here is vigilance, set up alerts for whenever money is taken out of an account, view your financial statements on a regular basis. Not only will it keep you safe, but help you save as well.
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
PUBLISHED: 2021-04-16
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...
PUBLISHED: 2021-04-16
Portofino is an open source web development framework. Portofino before version 5.2.1 did not properly verify the signature of JSON Web Tokens. This allows forging a valid JWT. The issue will be patched in the upcoming 5.2.1 release.