Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:55 PM
Connect Directly

Likeliest Fraudsters Are, Or Claim To Be, 85-90 Years Old

New report paints a composite picture of the 'Fraudiest Person in America'

Buyers who are 85 to 90 years old -- or claiming to be -- are 2.5 times more likely to be fraudsters, according to new research by fraud detection provider Sift Science.

Although Sift Science analyzes transactions across the globe, they limited this study to a sample of with shipping or billing address in the U.S. They cross-referenced their transaction data with third-party data from FullContact to identify gender and age.

By examining the shipping addresses, researchers can ascertain where fraudsters (or reshippers they use) operate from, and billing addresses indicate where the most credit card data is stolen from. Generally speaking, researchers found that accounts were mostly stolen from the West coast and mostly used to ship items to the East coast, particularly the SouthEast. The fraud rate -- both shipping and billing -- was low throughout the MidWest.

More specifically, the state with the highest fraud rate based on billing addresses was Alaska, and the state with the highest fraud rate based on shipping addresses was Delaware, followed by Florida and Georgia.

The researchers found that the rate of e-commerce fraud was high in the same regions where robbery and unemployment rates were also high; they did not find a correlation between online fraud and any other kinds of crime. They also did not find any distinct difference between urban or rural areas, nor regions that traditionally voted Republican or Democrat.

It isn't buyers of splashy vacations or luxury items to look out for. Purchases of $20 or less are 2.16 more likely to be fraudulent than others -- and the smaller the amount, the more likely it's fraud. The reason is, fraudsters make micropurchases to test out stolen credit card data to see if it's still valid.

Most fraud happens during weekdays and 3 a.m. is the most fraudulent time of day -- regardless of time zone -- which leads researchers to believe that fraudsters work regular, late-night shifts.

Although some criminals are making efforts to dodge fraud detections by letting accounts sit idle for as long as 60 days before conducting criminal activity, accounts that are less than three days old are still three times more likely to be fraudulent. Plus, when multiple accounts (for the same site/service) are running from one device, it is more likely those accounts are fraudulent. If two to four accounts are on a device, it's eight times likelier they are fraudulent; if four to eight accounts, it's 14 times likelier. 

"When viewing this data, keep in mind The Fraudiest Person in America represents a composite of separate strong fraud signals, not a single individual who embodies all of these qualities," the report states. "(So, don’t assume that an 88-year-old Alaskan man buying socks for his grandson in Delaware is a fraudster…)"

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
10/22/2015 | 2:58:25 PM
Vigilance is key
If I was a malicious intender, I would take the approach of siphoning in small increments as well. I know many people that rarely check their financial accounts online and a small transaction would slip through possibly even if they did. The key here is vigilance, set up alerts for whenever money is taken out of an account, view your financial statements on a regular basis. Not only will it keep you safe, but help you save as well.
5 Ways to Up Your Threat Management Game
Wayne Reynolds, Advisory CISO, Kudelski Security,  2/26/2020
Exploitation, Phishing Top Worries for Mobile Users
Robert Lemos, Contributing Writer,  2/28/2020
Kr00k Wi-Fi Vulnerability Affected a Billion Devices
Robert Lemos, Contributing Writer,  2/26/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-28
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for so...
PUBLISHED: 2020-02-28
Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensi...
PUBLISHED: 2020-02-28
An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.
PUBLISHED: 2020-02-28
A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token. When combined with CVE-2020-6803, an attacker could fully compromise the system.
PUBLISHED: 2020-02-28
BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.