Fake mobile app fraud tripled in first half of 2019, finds RSA Security
17 October 2019 | 0
Fraud attacks originating from fake mobile applications rose by 191% in the first half of 2019 according to a new global fraud report from digital risk management experts, RSA Security.
Its Quarterly Fraud Report represents a snapshot of the cyber fraud environment and provides actionable intelligence to consumer-facing organisations.
The report’s findings were gathered by the RSA’s Fraud and Risk Intelligence unit. The team infiltrate cyber-criminal groups to unearth fraud campaigns and track proliferation.
Findings are based on data recorded between 1 April, 2019 and 30 June 2019.
It found that fraud attacks are on the rise; the total number of global fraud attacks detected in the first half of 2019 was 63% higher than the number recorded in the second half of 2018.
Ramnit banking Trojan
Financial malware attacks increased by 80% in the first half of the year. One of the major culprits of this was Ramnit banking Trojan; an old favourite for fraudsters. First detected in 2010, it has reappeared every few years in new guises to target financial institutions and their customers.
Fraudsters have increasingly been using adapted versions of it to circumvent defences; it was found to be distributed via executable files that are downloaded and opened by unknowing users.
E-commerce payment fraud attempts originating from a ‘trusted account’ – i.e. one known by the RSA fraud system for over 90 days – but a new device rose from 20 – 80% of all total e-commerce fraud. Perpetrators are doubling down on account takeovers to evade fraud detection, it said.
Of all card-not-present (CNP) fraud transactions, 47% originated from the mobile channel. In the US, the average value of these transactions was $352.
Phishing accounted for 37% of all fraud attacks observed by RSA in Q2. Overall, phishing volume has increased 6% since last year. Indeed, phishing attacks targeting India increased 54% while attacks targeting South Africa increased almost 200%.
Canada was once again the most targeted country, but its overall attack volume decreased 33% from last year.
Daniel Cohen, director of the fraud and risk intelligence unit at RSA Security said: “The digital transformation of finance is well underway and yet, this transformation is a double-edged sword; while digital has created opportunities for organisations to improve customer experience, it also introduces new digital risks that need to be managed.”
“The fact that fraud via fake mobile applications tripled in the first half of 2019 is testament to how perpetrators will constantly seek out weak points. Here, they are exploiting consumers’ growing trust in mobile apps as a means to interact with brands and make purchases.
“To keep pace with constantly evolving tactics, banks need to take a layered approach to proactively manage the risk of fraud across all channels. This will help them embrace the opportunities that come with digital transformation whilst maintaining confidence in their ability to detect and respond to fraud, protecting both themselves and their customers.”
Cohen said that to stay vigilant of digital risks, consumers must: “Firstly, avoid clicking on links in text messages or e-mails from unfamiliar senders as this lowers the chance of having your bank details stolen, or malware being installed on your device.
“It’s also important to keep track of bank transactions; often, fraudsters will start with smaller purchases to test the water, so monitoring bank accounts closely is vital to catch fraudsters early. Finally, in light of the rise in fake mobile apps, download new applications with caution, make sure to verify the publisher and pay close attention to what data permissions each app requests.”