Mobile App-Based Fraud Jumps in Q2

RSA Security has said it recovered over five million compromised cards from underground marketplaces and other sources in the last quarter, a 60% increase on the previous three months.

The security vendor’s Quarterly Fraud Report for Q2 2018 also revealed that the threats facing consumers and brands have evolved slightly, with mobile playing a greater role.

While phishing emails, texts (smishing) and phone calls (vishing) remained the most prolific type of fraud attack in the period, accounting for 41% of the total, trojan malware and rogue apps swapped places.

Attacks involving financial malware dropped from 25% in the previous quarter to 16% in Q2, while the number of rogue mobile apps RSA detected jumped 13% to reach 9185: 28% of the total number of observed attacks.

These apps typically abuse consumer trust in brands by faking well-known apps to harvest information.

In addition, mobile app and mobile browser transactions comprised 71% of total fraud transactions, up 9% from Q1 2018. Fraudulent transactions via mobile channels increased 16% year-on-year.

RSA also revealed the growing popularity of new account fraud.

Just 0.4% of legitimate payment transactions were attempted from a new account and device. This is in stark contrast to the 27% of the total value of fraudulent payments made through new accounts and devices in the period.

RSA claimed fraudsters continue to use burner devices and fake accounts to try and circumvent fraud filters.

What’s more, 28% of fraud originates from a known or trusted account and device, suggesting these devices have been infected with financial malware designed to carry out account takeover attacks.

The figures come as new stats from Compare the Market out this week revealed UK cyber-enabled fraud losses soared past £2bn last year, with the amount stolen rising 38% over the period, from £600 per person to £833.

What’s Hot on Infosecurity Magazine?