Security News

Gift card fraud still fills a distressing niche in the cybercrime ecosystem, where a gang of crooks redeem gift cards that you paid for, either because you were convinced that those cards were earmarked for something else, or because the crooks got temporary access to one of your online accounts that allowed them to buy gift cards on your dime. The US Department of Justice announced this week the indictment of four suspected gift card scammers, and alleges that that these four had ended up with more than 5000 fradulently obtained cards to spend on themselves.

The Federal Communications Commission in the U.S. this week announced that it started to work on rules that would pull the brake on SIM swapping attacks. The decision comes after the agency "Received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM swapping and port-out fraud."

A sophisticated fraud ring, dubbed Proxy Phantom, has pushed the boundaries of credential-stuffing attacks with a dynamic account takeover technique that was flooding eCommerce merchants in the third quarter. What really set the Proxy Phantom attacks apart was the use of dynamically generated IP addresses from which it launched the campaigns.

The overall percentage of global transactions its system identified as being potentially fraudulent ranged from 10 to 13%, with the average value of each fraudulent transaction ranging from $126 to $155. Fraud attempts are not evenly distributed: fraudulent attempts at individual merchants ranged from 0.8% to over 30% depending on business vertical and geography. CNP transaction fraud liability lies with the merchant.

Police arrested 106 people suspected of carrying out online fraud for an organized crime gang linked to the Italian Mafia, Europol said on Monday. It's claimed the suspects scammed hundreds of victims using phishing; SIM swapping attacks, in which crooks typically take control of people's cellphone numbers to get account login tokens texted to them; and so-called business email compromise, in which fraudsters typically use bogus invoices and the like to trick company staff into transferring money to the thieves.

Tony Lauro, director of security technology and strategy at Akamai, discusses how to disrupt account takeovers in the exploitation phase of an attack. In these last two stages, attackers put the bots aside, roll up their sleeves and take a manual approach to try and compromise individual accounts.

There's a stark disconnect between retailers and shoppers on the matter of eCommerce fraud, Riskified reveals. The research, which comprised 4,000 consumers and 400 retailers across the US, UK, France and Germany, highlights how widespread online retail fraud is, the extent of its enduring financial impact and how it's perceived in the eyes of shoppers versus retailers.

As the prevalence of digital fraud attempts on businesses and consumers continues to rise, TransUnion's analysis found that fraudsters are re-focusing their efforts from financial services to the travel and leisure and gaming industries. Gaming and travel and leisure were the two most impacted industries globally for the suspected digital fraud attempt rate, rising 393.0% and 155.9% in the last year, respectively.

Israel-based ecommerce fraud prevention company Riskified has announced the pricing of its initial public offering as it prepares to start trading publicly on the New York Stock Exchange. Riskified is offering 17,300,000 Class A ordinary shares at $21 per share, which means the company is hoping to raise more than $360 million.

LexisNexis Risk Solutions unveiled LexisNexis Fraud Intelligence Synthetic Score, a new product designed to help businesses mitigate synthetic identity fraud. LexisNexis Fraud Intelligence Synthetic Score analyzes hundreds of unique identity characteristics and events to help businesses identify inconsistencies and fraud patterns in application profiles.