Fraudsters increasingly are turning to bot attacks to perpetrate new account creation fraud. A new report from LexisNexis Risk Solutions finds these kinds of attacks grew during the first half of the year. Fraudsters are using new account creation attempts to test, validate and build online identities for financial gain. E-commerce companies saw bots employed in new account creations increase 305 percent during the first six months of 2019.
The Cybercrime Report released this week examines the global fraud landscape and reveals that LexisNexis’ Digital Identity Network recorded 16.4 billion transactions from January to June. Of these, 277 million were human-initiated attacks, a 13 percent increase over the second half of 2018, said LexisNexis officials.
The research also uncovers an increasing level of networked crime, which are networks that emerge when digital identities are associated with confirmed fraud attempts across more than one organization.
“Organizations within the same industry, particularly banking, lending and stock brokerage, are most acutely affected,” according to a summary of the findings.
The new report details one example of how the Digital Identity Network tracked one specific fraudster across three industries and six different organizations (several financial services organizations, a media streaming company and a credit reporting agency) as the fraudster attempted to create new accounts, initiate repeated login attempts and make fraudulent payments in an effort to monetize stolen credentials, launder money and abuse bonus incentives.
The research also reveals fraudsters are seeing new mobile account creations and app registrations as opportunities to intercept one-time passcodes to fraudulently register mobile apps. Globally, attacks on mobile apps rose 148 percent in six months and are skewed towards media organizations, particularly social media and gaming/gambling organizations, where bad actors register for new player bonuses to sell for profit.
“Fraudsters no longer operate in silos, they are attacking across industries and organizations," said Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions. “As seen by a detailed example in the report, one fraudster can carry out a large number of transactions against a series of global organizations using a single mobile device.”