Mobile Fraud Is on the March, Finds New RSA Report

The RSA Quarterly Fraud Report observed several global fraud trends across attack vectors and digital channels, with attacks from rogue mobile applications up 300%.

Larry Loeb, Blogger, Informationweek

May 28, 2019

The RSA Quarterly Fraud Report is a new brand of report containing fraud attack and consumer fraud data and analysis from the RSA Fraud and Risk Intelligence team. They call it "a snapshot" of the cyber-fraud environment, hoping to provide actionable intelligence to consumer-facing organizations and enable more effective digital risk management.

Starting January 1, 2019, and ending March 31, 2019, RSA observed several global fraud trends across attack vectors and digital channels.

One was that fraud attacks from rogue mobile applications increased 300%, from 10,390 rogue apps in Q4 to 41,313 in Q1.

Along with this, phishing accounted for 29% of all fraud attacks observed by RSA in Q1. While RSA says that overall phishing volume increased less than 1% quarter over quarter, in terms of overall fraud attacks, phishing decreased sharply due to what they called "the exponential growth of attacks launched by rogue mobile apps."

Forty-eight percent of all the fraud attacks observed in Q1 were phishing attacks, with Canada, the US, India and Brazil being the top countries targeted by phishing.

Canada as a prime target may seem incongruous at first look, but one must remember that Interac, the Canadian interbank network, underwent a relaunch in Q1. Cybercriminals looking to test their efforts against the new version of Interac may account for the rise that was seen by RSA.

Fraud attacks that involved introducing financial malware to a system increased 56%, from 6,603 in Q4 to 10,331 in Q1.

Let's not forget what powers Internet ecommerce in all of this. A credit card is the tool used to grease that commerce machine. But the actual card's presence is not needed for an ecommerce transaction. This disconnect can allow fraud.

RSA saw that card-not-present (CNP) fraud transactions increased 17% in Q1, and 56% of those originated from the mobile channel. The average value of a CNP fraud transaction in the US was $403, nearly double that of an average genuine transaction, which came in at $213.

And, of course, RSA would like it to be known that they recovered over 14.2 million unique compromised cards in Q1, which was a 33% increase from the previous quarter.

Now, it's much easier to conduct transactions through the mobile channel than on the web channel. This can be another factor in the spike that RSA has seen. The criminals that are drawn to it can transact as they go. Organizations are also starting to add new functionality to mobile apps which may be of use to a cybercriminal. New account/new device combinations were found to be 32% of all fraudulent transactions. Fraudsters are seemingly turning to new, unused devices to enable their new profile frauds.

RSA also found that the quarter saw the rise of account checker studio programs. These open up the creation of account-checker-style automated attacks to the broader fraud community. RSA expects a growth in automated credential stuffing and account takeover attacks over the next few quarters as these studio creators gain in popularity.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
