The coronavirus pandemic has further aggravated the fraud ecosystem, with attackers inventing new techniques and creating novel opportunities for online fraud and abuse. As a result, digital businesses are under tremendous stress to protect themselves and their customers from these ingenious techniques. We convened a panel of fraud experts from Ticketmaster, GitHub, Payoneer, and the Merchant Risk Council to discuss some of the interesting or emerging abuse that they are seeing. Here’s what we found out!
Fraudsters are taking advantage of increased online traffic to scale up their attacks across multiple digital touchpoints: logins, payment fraud, scraping, inventory holding, and more. Depending on the target industry, attackers are adapting their online fraud and abuse tactics to maximize gain.
In the ticketing industry, for example, attackers deploy bots to buy tickets in bulk, beyond the specified limits for individual users. Nearer the events, these popular tickets are resold at a premium price. Ticket ownership can be transferred multiple times, in the hope that the ticketing platform loses track of where the tickets finally end up.
More and more platforms now allow interaction and communication between users – for example, technology platforms, online gaming, and dating apps. However, this peer-to-peer communication is subject to harassment, scams, and commercial spam. Monitoring and policing content is no simple task, so the trick here is to identify all bot-driven activity on these platforms and to stop bogus accounts from being set up in the first place to prevent downstream abuse.
Many technology, streaming, and entertainment platforms offer freemium models to attract new users and even offer discount programs for special categories of people such as students. Collaboration platforms are seeing interesting routes to monetization, with fraudsters abusing promotions by using fake student credentials to get the discount package and then reselling the packages at a premium price. Fraudsters also abuse the collaboration areas on open source software by creating or upvoting malicious software. This manipulation of ratings can lead people into installing something that can be malicious and compromise their devices.
Additionally, we have seen fraudsters targeting a promo offer on a tech platform intended to entice new users by offering free credits for cloud infrastructure. Bad actors were abusing this offer to mine cryptocurrencies, costing the businesses money in compute resources.
Retailers are among the most attacked for online fraud and abuse. This has increased in the Covid era with the shift to delivery and BOPIS (buy online, pick up in-store) and with many traditional retailers having to quickly pivot to digital. eCommerce marketplaces are targeted with bogus listings, with fraudsters posing as sellers who do not deliver the items. These fraudsters operate on multiple platforms to maximize profit and dupe unsuspecting buyers. Shutting down fraudulent stores and sellers to prevent online fraud and abuse can be a game of whac-a-mole, with them popping up under different guises and identities on various platforms.
Friendly Fraud & Opportunism
One of the growing challenges that businesses today are facing is friendly fraud. The financial hardships caused by the coronavirus pandemic have blurred the lines of what is acceptable behavior for regular individuals. Many merchants are reporting an astonishing spike in this type of fraud, causing a major headache for their teams to deal with.
This trend has also provided a new opportunity for organized fraud, with refund fraud being attempted at scale. The widespread cancellations of airline and concert tickets also provided an opportunity to hack into accounts to steal credits and airline miles.
As mentioned earlier, fraudsters have devised novel methods to attack. They are now also committing crimes of opportunity. One of our panelists has personally been the victim of a food delivery account being hacked into, with the attacker abusing contactless delivery to get an item dropped outside.
Enhance front-end due diligence
The growing acceptance and popularity of online channels for daily life activities is causing a huge increase in the volume of digital interactions and a proportional increase in online fraud and abuse. Businesses are fighting a deluge of fraud on a day-to-day basis. This should prompt them to take security more seriously and fine-tune their defense strategies.
Keeping track of events in global markets can provide clues to an impending attack and help businesses prepare accordingly. Although we have become somewhat desensitized to data breach news, incidents continue to rise.
Collaborate to fight online fraud and abuse collectively
Businesses must collaborate and share intelligence for a more effective and collective fight against the growing menace of fraud. This open communication will provide them with much-needed guidance and open their eyes to novel attack types. Businesses can revisit their fraud strategies to identify the most appropriate countermeasures in the wake of evolving fraud tactics. It will allow them to review historical data, rule sets, and internal policies to create new processes and edit sandboxes for enhanced efficiency. They can also identify activities that can be automated for greater efficiency.
To learn about the challenges of protecting an expanding attack surface across user touchpoints, watch the recording of the Bankrupting Fraud Virtual Summit session “Above & Beyond – Abuse and Deceit Across User Touchpoints”, where speakers from Ticketmaster, MRC, GitHub, and Arkose Labs discuss the many different digital touchpoints through which customers can engage with businesses.