Criminals attempt 25 million payments and logins a month

About 25 million of the 1 billion transactions analyzed each month by ThreatMetrix are fraudulent, the company said in a new report.

During the last quarter of 2014 and the first quarter of 2015, 4 percent of all attempts to create new online accounts were definitely illegitimate, as were 2.3 percent of all account logins, and 3.2 percent of all payment attempts.

There were 11.2 million fraud attempts during the holiday shopping season alone, the company said.

"This is actually undercounting the problem because it is not counting the gray area ones that might require further review," said Alisdair Faulkner, chief products officer at ThreatMetrix.

He declined to provide the statistics for how many transactions fall into the possibly fraudulent category, but they would typically lead to additional verification steps, such as two-factor authentication.

This was the company's first such report, so older historical data is not available.

Twelve of the top 20 e-commerce sites, three of the major credit card brands, five of the top banks are among the institutions that use ThreatMetrix to spot fraud.

The highest level of attempted fraudulent payment and logins was in the media industry, he said, which includes such services as social networks, content streaming, and online dating. About 4 percent of all payment attempts were fraudulent, and 6.2 percent of account login attempts.

E-commerce sites saw the highest level of account creation fraud, however, at 6.7 percent of all attempts.

According to ThreatMetrix, fraudsters are increasingly creating new accounts to make use of stolen credentials.

Faulkner said he was surprised to see the increase in attacks, and suggested that criminals may be trying to use the credentials they stole in last year's high profile data breaches.

He also suggested that it's not just e-commerce, finance and media companies that are vulnerable, but other types of enterprises as well, if their employees used their company email addresses as credentials at breached companies.

"Employee identities are already in someone else's hands," he said. "You need to protect your company against everyone else's data breaches -- not just your own."

Some companies are already using identity verifications systems like that of ThreatMetrix, especially for remote logins.

This technology could have prevented the recent breach at the Partners HealthCare System, Faulkner said, where criminals were able to get into employee email accounts.

The ThreatMetrix report also analyzed the most common methods hackers used.

Device spoofing, for example, was used in 6.1 percent of all transactions, and was the most common technique used when logging into stolen accounts.

Identity spoofing, at 4.3 percent, was most used when creating new accounts.

Geographic spoofing, at 3.3 percent, came in most handy when criminals were trying to make payments. Payment transactions also frequently involved IP spoofing, bots, and man-in-the-middle techniques.

These numbers have all been increasing over the past six months, he added.

The numbers are higher than actual incidents of fraud, Faulkner said, because individually any of these methods could have a legitimate explanation.

For example, there might be reasons why someone's IP address sets off warning bells.

"It could be that someone is very privacy conscious," he said, "Or using VPNs to connect through their work. Just because you're spoofing an IP address, doesn't necessarily mean you're illegitimate."

Join the CSO newsletter!

Error: Please check your email address.

Tags ThreatMetrixcyber attacksespionagesecurity

More about

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Maria Korolov

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts