Study: Online fraud grows sophisticated

Cyberattacks are more closely mimicking human behavior and following seasonal patterns.

According to the “2019 Fraud Risk at a Glance Report” from Mastercard company NuData Security, fraudsters are beginning to focus on quality of attack, rather than volume. Sophisticated attacks that display expected browser or application behavior and runs scripts in the environment to create this human-like interaction increased 430% between July and November 2019 compared to the first six months of the year. 

In addition, human-driven account takeover attacks where an actual person types out the required information on a device and bypass bot mitigation challenges rose 330% from August-November 2019 compared to the prior seven months. However, fewer than 2% of attacks during the first 11 months of 2019 used spoofing (changes on the device information to mislead the company’s security) compared to 60% during the same period in 2018. The study analyzes cyberfraud activity from Jan. 1 to Nov. 1, 2019.

February was the peak month for cyberattacks in the retail sector. The days in 2019 with the most e-commerce fraud were Feb. 25, Jan. 3, and Feb. 24. The countries responsible for the highest percentages of cyberattacks (in alphabetical order) were Brazil, India, Indonesia, Russian Federation, Thailand, Ukraine, United States, and Vietnam. 

Cyberattacks originating in the U.S. include attempts made by fraudsters in other countries who mask their location as the U.S. to decrease the chance of detection. Almost all the attacks made from all of these countries are account takeover (ATO) attacks, which include fraud attempts at login and password reset. NuData advises that retailers can blacklist these attempts and automatically challenge them if they come from countries with high-risk and less-trusted traffic.

The report collected insights from the NuData Trust Consortium, a pool of aggregated and anonymized data from NuData Security clients.