Account Takeover Attempts Nearly Double Over Six Months: Report

Account takeover attempts and credit card fraud have nearly doubled over a six-month period, ThreatMetrix said, as part of its new Cybercrime Index, which examines Web fraud and provides insight into the prevalence of such attacks.

In a six-month window encompassing the last three months of 2012 and the first three months of 2013, ThreatMetrix found that the highest number of Web fraud incidents involved new account registrations using spoofed and synthetic identities. New account registrations include applying for new lines of credit, creating a profile on a social networking site or marketplace, and enrolling in an authentication scheme, the company said.

“Nearly one in every ten new accounts opened online is done using a spoofed identity, and the incidence of account takeover attempts and online payments fraud have both doubled in the last six months,” said Alisdair Faulkner, chief products officer at ThreatMetrix.

This isn't surprising, considering the number of large-scale data breaches that have been reported recently, Faulkner said. The breaches underscore just how easy it is for criminals to obtain enough information about the person's identity to bypass most identity verification systems.

Stolen identities are most commonly used in human- or bot-generated fraud attacks that are routed through proxies and VPNs designed to disguise where the attack is originating from, according to ThreatMetrix. The proliferation of free and commercial VPN services and the popularity of platform-as-a-service offerings to set up ad hoc tunnels allow attackers to bypass IP-address-based geo-filter blacklists.

Payment fraud attempts, such as online credit card transactions and money transfers, increased from 3.1 percent to 6.4 percent over the same six-month period, according to the Cybercrime Index. Sophisticated cyber-gangs are increasingly adopting banking malware to intercept full credit card information from customers as they enter it online. The malware can inject a “fake verification step” in the form of a page asking for this information when the user is logging into a bank account, Faulkner said.

Account takeover attempts increased by 168 percent, ThreatMetrix said. Traditionally seen on banking and brokerage sites, account takeovers are now a problem for e-commerce sites that store credit card details and software-as-a-service sites that hold valuable customer data. Attackers are targeting these sites since most of them have not gotten around to beefing up their protections to the extent financial services organizations have, the company said.

Account takeover attempts are also much more sophisticated, with attackers using blended techniques to exploit companies that don't check device identification, scan for malware, or look for bots. The attacks include malware, such as man-in-the-browser Trojans, to intercept login credentials, and automated scripts that check the account for details on its balance or saved information.

The total cost of cyber-crime and efforts to prevent attacks surpassed $1 trillion a year, although the economic impact of the attacks varies by industry, ThreatMetrix said.

The increased sophistication of malware means organizations should assume that a “material percentage” of customer accounts are either compromised or used for criminal purposes, said Faulkner. Considering that data breaches are “imminent,” organizations should invest to gain automated visibility into device information, persona, relationship, and global behavior. The alternative is to place additional verification roadblocks, which would slow down legitimate users as well.

ThreatMetrix calculated the Cybercrime Index from data compiled from customers in its TrustDefender CyberCrime Prevention Platform and information gathered by the ThreatMetrix Global Trust Intelligence Network. The data used for the index was aggregated from 1,500 customers, 9,000 Websites and more than 1.7 billion cyber-events, the company said.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.