The busy holiday season is a time for bargains, special offers and intensive online shopping activity. However, just as manufacturers ramp up activity and e-commerce stores look to lure customers with discounts, threat actors also ready themselves for the busiest time of the year. That could mean promotions and discounts for cybercrime services and more stolen data posted on dark web sites – making it easier to take advantage of financial institutions that relax their anti-fraud measures.
New research reveals that, as per years past, the coming weeks will represent a period of heightened risk for cardholders, financial institutions and associated service providers.
A Cat-and-Mouse Game
Data reveals that the volume of compromised payment cards for sale on underground sites during the November-January holiday season was 5% higher than the preceding three months and 20% higher than the following three. It should be added that there are additional fraud spikes throughout the year due to large-scale breaches, threat actor innovation and other factors, but the holiday season is certainly one of the most notable and predictable.
Unfortunately, fraudsters in this context also adapt their tactics to try and evade financial and payment processing stakeholders, police and intelligence companies.
There are undoubtedly enhanced opportunities for fraudsters to avoid detection during the holiday shopping period as banks and retailers relax their fraud rules. We have confirmed that some e-commerce sites disable security features like 3DS for user authentication. Threat actors can use experimental transactions to determine the new threshold for 3DS to kick in and keep their purchases under it. The sheer rise in the volume of transactions and friction creates an overwhelming volume of transactions to process without relaxing.
Additionally, they can target consumers’ more relaxed spending habits at this time of year. In fact, dark web forums are overflowing with threads and posts indicating interest in holiday-themed phishing and scam pages. Phishing panels are also increasingly popular as a way to bypass two-factor authentication.
Behind the Scenes
Just like legitimate businesses, cybercrime operations leverage the holidays to post discounts, promotions and sales. Recorded Future has observed increased discounted services on the dark web for three years. For example, last November, on a popular dark web forum WWH Club, a fraudulent banking enrolment service used to compromise victims’ banking logins, was discounted by 30%.
So what can organizations do to fight back? Intelligence is vital to understand the risks that retailers and banking platforms face. Threats range from discount code abuse, account takeover and vulnerabilities in web systems being abused for adversary advantage.
It’s also important to pass intelligence as information on to customers – to raise awareness of seasonal phishing attempts, encourage good cyber-hygiene like regular patching and device anti-malware, and urge them to verify who they’re buying from. From a merchant/financial institution perspective, a step in the right direction would be to ramp up anti-fraud measures rather than relax them. That means adjusting fraud score calculations or lowering the threshold necessary to deny a transaction.
However, in what is predicted to be a tough season for retailers, many will loathe to put more steps in the way of legitimate customers. More seamless, behind-the-scenes fraud prevention mechanisms could be the key to balancing customer experience with risk reduction.