DataVisor Threat Blog:
Fraudsters Target Mobile Devices in Many Ways
65% of fraudulent transactions involved a mobile browser or mobile app, according to an RSA report in Q1 2018. Fraudsters are constantly finding ways to commit fraud through the mobile channel and they are attacking industries including financial services, marketplaces, social commerce and gaming with more sophisticated techniques. The key point of vulnerability is at the user acquisition stage, such as app install and new account creation stage. This post highlights four ways fraudsters target mobile devices and how business can detect and prevent mobile frauds.
User Acquisition Fraud, a Growing Problem for App Developers
When fraudsters trick advertisers into spending money on fake users and fraudulent traffic, it is referred to as “user acquisition (UA) fraud.” UA fraud usually involves fraudsters generating fake downloads and app installs using automated tools. Many fraudsters create install farms, large groups of mobile devices and cheap labor that generate activities to emulate legitimate users. These activities often include installing and opening apps, resetting Device IDs, clicking on mobile ads, and changing IP addresses.
Orchestrated attacks using install farms allow bad actors to generate massive volumes of simulated installs which gets them huge payouts from ad networks. Their attack patterns are also constantly evolving, making it hard to detect if only relying on historical data. Business should find a solution that can catch unknown attacks and is capable of large-scale fraud detection.
App Install Fraud, Causing Marketers up to $2 Billion a Year
Deploying app install campaigns on a variety of ad networks is one of the most popular strategies mobile app companies use for user acquisition. Unfortunately, mobile app install advertisers and advertising networks are prime targets for fraudsters. A recent report from Tune estimates that marketers will lose up to $2 billion a year due to app install fraud.
Fraudsters use sophisticated methods to generate mobile app installs that look like they are from authentic users. Among the methods are clickjacking, device spoofing, location spoofing, and simulating realistic user activity. To address this problem, an advanced fraud detection solution that can find the hidden connections between those activities is recommended.
26% of App Install Fraud Comes From Device ID Reset Fraud
Fraudsters often create massive farms of mobile devices that are used to leverage ad networks (with CPI or CPE models) and install apps numerous times to receive huge payouts from advertisers. Device ID reset fraud allows fraudsters to generate massive volumes of app installs, clicks, and interactions (user engagement).
By resetting device IDs, fraudsters bypass fingerprinting detections and give the appearance that each app install is from a new mobile phone. Fraudsters use emulators to reset the Device IDs of mobile phones constantly and on a grand scale. According to AppsFlyer, in Q3 2018 about 26% of all mobile install fraud attacks were due to Device ID reset fraud which costs advertisers approximately 900 million to one billion dollars every year.
SIM Swap Fraud, a widely-used method for Account Takeover
SIM swap fraud is where a scammer cancels and then reactivates a mobile phone SIM card by posing as the legitimate holder of a mobile network account. The scammer may obtain personal information of the account holder through phishing techniques or purchasing the information on a dark web marketplace. Once the fraudster takes over the SIM card, all calls and texts are routed to the fraudster’s phone. Fraudsters can access two-factor authorization (2FA) access codes for the SIM card owner’s bank accounts.
With access to 2FA, the fraudster can steal the funds of the victim’s bank accounts. If 2FA is not set up for certain accounts, the fraudster could obtain personal details through the SIM card, social media, and dark web marketplaces to take over those accounts, posing big threats for modern business.
How to Detect and Fight against Mobile Frauds
Fraud prevention system should go beyond reviewing accounts or events on an individual basis and should take a holistic approach where all accounts and user activities are monitored and analyzed as a whole.
The holistic approach is more effective because fraudsters are becoming more organized, sophisticated and deliberate. Traditional approaches that only look at each individual account or event in isolation are not sufficient to detect modern attacks. In a recent Fraud Index Report, our research times noted that 90% of fake account registration in social platforms involved coordinated attacks while more than 40% of application fraud in the financial sector were coordinated attacks.
DataVisor addresses modern mobile attacks by finding hidden connections between accounts and activities and catches frauds even before it happens. Powered by DataVisor’s AI-based fraud detection solution , DataVisor Enterprise is able to detect fraudulent activities early despite the ever-evolving attack techniques of fraudsters. Companies can discover clusters of linked accounts and make bulk decisions to save time, without the need for training or labeling data. Detection reasons are provided in detail about how the fraud or abuse was committed. Machine learning is no longer a black box with DataVisor.
Want to learn more about how DataVisor provides immediate ROI, early detection, transparent and accurate results to your business? Contact us to request a trial.