Report: Phishing Attacks Up By 297 Percent Across E-Commerce in Q3 2018
October 24, 2018
IntSights Cyber Intelligence, a leading provider of enterprise cyber threat intelligence and mitigation solutions, and Riskified, the eCommerce fraud-prevention leader, released today "The Retail and eCommerce Threat Landscape Report (October 2018)." The report illustrates how cybercriminals are increasingly targeting retailers and their customers through digital and social channels as retailers leverage new channels for increased revenue opportunities. In addition, the report addresses the scope and severity of the current threat and fraud landscape for retailers.
In this joint report, IntSights scoured the Clear and Dark Web to assess retail data and goods being sold illegally, new cyber scam tactics and how cybercriminals impersonate brands online to trick unknowing consumers. Riskified analyzed the transaction-level results of hundreds of millions of purchases for indicators of fraud to identify trends and new tactics used by fraudsters.
"As eCommerce continues its explosive growth, fraud has followed suit, making it very difficult for merchants to distinguish good customers from bad actors," said Eido Gal, CEO of Riskified. "Inefficient fraud prevention costs merchants billions in chargebacks, overhead and missed sales, so accurate decisions are a must. We partnered with IntSights to look at fraud from start to finish - from selling compromised bank information to fraudulent purchase attempt to reselling the ill-gotten goods on the dark web - to assemble a clear picture of just how prevalent and sophisticated fraud is. With that understanding, we've developed our recommendations for the best ways to minimize the impact of fraud and keep good customers happy."
The report analyzed data from Q3 2017 to Q3 2018 and found the following key trends:
- 297 percent rise in the number of false retailer websites designed to "phish" for customer credentials. In Q3 alone there was an average of 23 phishing sites per company, which is a significant increase from 2017, which averaged 5.9 phishing attacks per company
- 278 percent rise in stolen goods listed on black markets for resale
- Average of 22.1 internal login pages or development servers exposed per retail company in 2018. When accessed this gives cybercriminals a portal into the retailer's internal network
- Fake apps and social media profiles are on the rise with a 469 percent spike in suspicious applications and a 345 percent increase in fake social media profiles (respectively) in Q4 2017
"Retailers are increasingly focused on driving sales through a variety of online channels -- Facebook, SMS messaging, Instagram, Twitter and more -- all of which provide an ideal opportunity for fraudsters to lure in new victims through phishing attacks as it is the most common way to obtain stolen credit card numbers," said Guy Nizan, Co-founder and CEO of IntSights Cyber Intelligence. "As prime targets for cyber crime, retailers need to understand how their goods are being sold and bartered for on the Dark Web. This glimpse into criminal behavior and activity helps inform the overall cybersecurity program, leading to an increase in security posture."
In addition to data, the report provides an in-depth look at why fraudsters are attacking merchants and how merchants can better protect themselves, including:
- Why eCommerce retail is so attractive for fraudsters: Abundance of merchants to target (many with weak security); relatively low risk and high reward
- How the dark web is enabling fraudsters: From selling credit card data and personal information from data breaches to sharing commonly used tools and schemes
- How retailers can be proactive in combating fraud
- Best practices for avoiding fraud while approving good orders
- Predictions for 2019
For more information on Riskified, please visit https://www.riskified.com.
For more information on IntSights, please visit https://www.intsights.com.
Riskified improves global eCommerce for merchants and consumers. The world's largest brands - from airlines to luxury fashion houses to gift card marketplaces - trust us to increase revenue, manage risk and improve their customer interactions. Inefficient eCommerce fraud prevention and unnecessarily declined orders cost businesses billions in chargebacks, overhead and missed sales. Riskified uses powerful machine-learning algorithms to recognize good orders and weed out bad with a 100% guarantee against fraudulent chargebacks. Sell with confidence. Trust Riskified.
IntSights is redefining cyber security with the industry's first and only enterprise threat management platform that transforms tailored threat intelligence into automated security operations. Our groundbreaking data-mining algorithms and unique cyber reconnaissance capabilities continuously monitor an enterprise's external digital profile across the surface, deep and dark web, categorize and analyze tens of thousands of threats, and automate the risk remediation lifecycle -- streamlining workflows, maximizing resources and securing business operations. This has made IntSights' one of the fastest growing cybersecurity companies in the world. IntSights' has offices in Amsterdam, Boston, Japan, New York, Dallas, Singapore and Tel Aviv. To learn more, visit: https://www.intsights.com.
Follow us on Twitter: @IntSights
Visit us on LinkedIn: https://www.linkedin.com/company/intsights