Securing the Digital World

While in Lock Down, Here’s What Fraudsters Did in Q1 2020

Jul 07, 2020 | by Yael Gour

The first quarter of this year was anything but “normal.” A global health crisis accelerated digital transformation across all sectors, especially consumer-facing industries (such as retail and financial institutions) that required customers to interact and transact solely via digital channels.

Fraudsters and cybercriminals quickly adjusted their techniques to profit from the chaos triggered by the global disruption.

In the first quarter of 2020, RSA identified 50,119 cyber attacks worldwide. The greatest percentage of these were phishing attacks, representing 54% of all attacks identified. While phishing is probably one of the oldest tricks in the book, phishing campaigns during this quarter had a COVID-19 theme. The phishing campaigns tried to capitalize on relief fund cash out scams, World Health Organization (WHO) best practices, updates about vaccines and much more.

Brand abuse attacks -- website and social media content, as well as fake domain registrations that misuse an organization’s brand with the purpose of misleading users -- made up 22% of all attacks, an increase of 5% over the previous quarter. 

In Q1 2020, 58% of fraud transaction value originated from a new device on a trusted account, indicating that account takeover activity continues to be a preferred attack vector. After fraudsters harvest user credentials and personal information using phishing techniques, they use these credentials for account takeover attacks and bypass multifactor authentication methods.

So, what can organizations do to mitigate these risks?

  • Consumer education: Dedicate resources towards educating end-users on how to avoid falling victim to scams.
  • Phishing and cyber attack risk mitigation: While consumer education is key, there will always be a user who falls victim to a sophisticated phishing attack or other scam. Therefore, it is important to be able to detect and shut down these attacks quickly.
  • Build resiliency into your anti-fraud operation: During the health crisis, RSA observed a significant decline in case markings (confirmed fraud or confirmed genuine marking in the case management application), which indicates a lack of resiliency in the anti-fraud operation. Case marking is crucial for fraud prevention tools that utilize supervised machine learning techniques. In times of disruption, when fraud trends change, case marking is even more important than usual. Building resiliency and process into your fraud operation team and enabling the team to work offsite is crucial.
  • Review your policy rules: New circumstances will reveal new trends, so adjust policy rules as needed to fit the new “normal.”
  • Review and refine your omnichannel fraud prevention strategy: Investigate vulnerabilities in your consumer-facing digital channels and make the required changes to protect all digital channels. Fraudsters look for the weakest link in your fraud prevention solution; therefore, you must prevent fraud holistically, across all digital channels.

For more information, check out the Q1 2020 RSA Quarterly Fraud Report for an analysis of cyber attack and consumer fraud data collected by the RSA Fraud and Risk Intelligence team in the course of its work identifying threats for RSA customers.

To learn more about fraud trends from Q1 2020, check out the RSA Quarterly Fraud Report: Q1 2020.

Also, learn how RSA Fraud & Risk Intelligence Suite provides companies with a portfolio of sophisticated fraud detection and prevention capabilities designed to protect consumers from financial fraud threats across digital and physical channels.