Securing the Digital World

How the pandemic is changing cybercrime

Oct 14, 2020 | by Angel Grant, CISSP |

Over the past several months, the coronavirus pandemic has fundamentally changed the ways that we work, learn, shop, and bank. By accelerating digital transformation, it's also given fraudsters new opportunities to leverage disruption and pry away sensitive information.

That's why the recent release of RSA's Quarterly Fraud Report is so important: it shares insights from our FraudAction Intelligence and Data Scientist teams about our online behaviors in the 'new normal' and the ways that cybercriminals are adapting their work to exploit these changes.

The report shows that phishing continues to be the most predominant attack vector, representing 43% of all the attacks that fraudsters deployed over the last quarter. Brand abuse represented 35% of their attacks, a 13% increase from last quarter. Based on these two types of attacks, it is clear that fraudsters are looking for new ways to take over both our personal and professional lives by using carefully crafted messages that either look like they're from the brands we trust or that exploit pandemic-themed activities and needs.

When many bank branches closed, we saw a spike in online banking and investment activities to the tune of an increase of over 382% in value. That trend was quickly followed by an increase in account takeover fraud attempts. The combination of logins from a new account with a new device accounted for 31% of total fraud volume observed, suggesting fraudsters are continuing to use stolen credentials from data breaches to set up mule accounts to facilitate cash-out or new account fraud.

Cybercriminals are also playing upon the fact that we all are quickly learning and using new technology to do things we have never done before. In the quest to reduce contact, many organizations began offering more mobile services, and many of us started to use these mobile services for the first time. This provided cybercriminals with a larger window of opportunity to exploit our unfamiliarity with new applications, workflows, and ways to shop and bank remotely: last quarter, we saw that almost 70% of all fraudulent transactions originated from the mobile channel, which was a 26% year-over-year increase. Not coincidently, that came with a 17% increase in the value of a fraudulent payment transaction in the mobile channel. As always, the cybercriminals are going where the money is.

How we shopped and what we shopped for also dramatically changed. For example, public transportation and airline transactions were down 92% and 71%, respectively, from Q1 to Q2, while transactions in automobile sales were up 283%—reflecting concerns about increased health risk associated with crowded modes of transportation.

Also, apparently, we are all using our bathrooms, showering, watering our lawns, and drinking more water because the value of the amount of transactions for water services increased over 506%. The one changed that shocked me the most was the 213% increase in fitness and sporting goods, however, I'm chalking that up to people buying more workout equipment due to fitness centers being closed and of course needing more comfortable clothes to exercise at home in (or, in my case, perhaps a new work wardrobe). Cybercriminals will continue to adjust their tactics and select their targets based on which are the easiest to attack and which drive the best ROI; retailers and public utilities working in these sectors should take note.

These insights and data should be eye-opening and remind us all do our part and be cyber-smart. If you need a refresher, October is National Cybersecurity Awareness Month (NCAM), and a great chance for us all to take action to protect our online lives. See the National Cybersecurity Alliance and European Cybersecurity Month ECSM for resources and tips to Do Your Part and #BeCyberSmart.