DataVisor has released its Top 5 online fraud predictions for 2016, and it’s expecting escalating threats from social sites, digital wallets and global online-to-offline services; account takeovers due to ongoing data breaches; and a movement of fraudsters to the cloud.
The firm believes that social sites become bigger targets as lines between social and e-commerce blur. In 2015, many traditional social networking sites such as Pinterest, Facebook and Twitter announced plans to add “Buy” buttons to their platforms in an effort to increase stickiness with their users and help monetize their user base. However, this will attract more fraudsters looking to conduct fraudulent transactions on these platforms.
Also, EMV cards and digital wallets are expected to shift more fraudulent credit card attacks online, aka, card-not-present (CNP) fraud.
“The increasing adoption of the new EMV cards and new digital wallet solutions, such as Apple Pay and Google Wallet, will have the unfortunate consequence of moving fraudsters online to monetize fake and stolen credit cards,” DataVisor noted in its crystal-ball report.
Also, global online-to-offline (O2O) wars will likely increase the rate of user-acquisition promotion fraud.
For example, in an effort to gain market share, Uber has invested more than $2 billion to expand in China and India. Not to be outdone, rival car share service Didi invested over $2 billion in China, and is also funding Lyft in the US and Ola in India.
“Much of this money is intended for promotions to attract new drivers and users. Unfortunately, we have seen reports of a huge volume of user acquisition fraud, where drivers make hundreds to thousands of dollars per month in subsidies by registering multiple driver accounts and conducting fake rides,” warned DataVisor.
At the same time, old-fashioned threats are still around. Account takeovers will rise as result of continued large data breaches, DataVisor predicts.
“We are now operating in the era of ‘peak data breach,’” it said. “Whether it is your healthcare provider, your university, your favorite retail store or the government, your personal data has probably been stolen by now as a result of one or multiple of these high profile breaches.”
And finally, in all likelihood, cyber-attackers will move to the cloud. Cloud services such as AWS, Azure and Google Cloud are already victims as fraudsters register a massive number of free, trial accounts and use their computation infrastructure to conduct attacks. Other popular cloud services, including dedicated/virtual hosting (e.g. OVH, Quadranet, Ubiquity Hosting, etc.) and anonymous proxies (e.g. PureVPN, ZenMate), will also become increasingly common among online criminals.
“Cloud allows cyber attackers to significantly increase the number of attack campaigns they can conduct, attributed to the elasticity and compute capacity of these services, and allows them to easily hide behind legitimate network sources and thus remain anonymous,” DataVisor warned.
Photo © Mike Dotka