High-profile, large-scale data breaches have underlined the far-reaching consequences of a breach. Cybercriminals aren’t just looking for access to the accounts they’re currently hacking, which may offer little or no immediate financial reward. Relying on the fact that many people use the same username and password pair on multiple sites, they are looking for account credentials that can be used to target those account holders elsewhere—on popular e-commerce, money transfer or gaming sites, for example.
Once stolen credentials have been tested and verified (another abuse of your website), hackers will use them to make fraudulent purchases or transfers, or sell them on to other cybercriminals to do the same. Our 2018 Cybercriminal Shopping List infographic shows how much account credentials are worth on the dark market. Prices range from mere cents up to $15 per account depending on a number of factors including the consumer brand, type of service, and whether there is a payment card saved on file.
Five Simple Steps to Sanity
What this means is that one organization’s data breach can soon become an issue for other businesses too. In order to take protection of your customers' accounts to the next level, follow our ‘five simple steps to sanity.’
· Understand the market for stolen data
The dark web works in the same way any other market does: it’s highly competitive and market forces influence the price of goods and services. Each type of credential has a price, and cybercriminals will diversify when necessary—adding healthcare records to their inventory, for example. It’s not just the dark web though. Much of this data can be found for sale in plain sight on most social media platforms.
· Use infinite factors to determine identity
Data breaches have proven time and again how vulnerable static data is as a form of identity proofing. In today’s interconnected world, every trace of metadata we leave behind in our digital footprint can be leveraged as a better means to “know your customer.” Think about what you are doing today to validate your customer’s identities and what other attributes you could leverage to improve identity assurance. It could be the use of SMS text or biometrics, or even the way a customer navigates through your website.
· Be prepared for credential testing
Just like other organizations, criminal networks are constantly looking for ways to operate more efficiently. Credential stuffing tools allow fraudsters to check stolen username and password pairs in moments. To help identify credential testing—which often heralds account takeover attacks—organizations should monitor web sessions for robotic behavior, multiple login failures, and login attempts from locations that aren’t usually associated with normal traffic.
· Monitor for identity theft and account takeover
It is not unusual to see an account takeover outbreak after a large breach as fraudsters use verified stolen credentials to take over existing accounts – and even create unauthorized new ones. RSA data scientists have studied fraud patterns associated with account takeover and new account fraud and found that new accounts have 15 times greater fraud rates in the first ten days. You can spot suspicious behavior on existing accounts by watching out for logins from new devices, password and other account profile changes, and for banks and payment service providers, the addition of new payees—which is when 70% of fraudulent payments are made.
· Educate your customers
Be a “trusted advisor” for your customers when it comes to online security. For example, consider providing safety tips to customers on the home page of your website or in promotional emails offering an easy process for them to report suspicious emails or offers. Demonstrating to customers that you care about their online safety helps to build brand loyalty.
Fight Back Against Account Takeover
Watch FOX Business's coverage of the 2018 Cybercriminal Shopping List. Take another look at our 2018 Cybercriminal Shopping List infographic to see how much stolen customer credentials change hands for on the dark web and download the latest analyst report on behavior analytics to learn more about what you can do to address account takeover and new account fraud.
Author: Heidi Bleau
Category: RSA Point of View, Blog Post
Keywords: Cyber Crime, Cyber Criminals, Consumer Security, Account Takeover, Data Breach, Dark Web, Identity Theft, Fraud Detection, Fraud Prevention