arrow left facebook twitter linkedin medium menu play circle
July 22, 2020 - Claire Zhou

How to Find Emulators and Stop Mobile Fraud

Online transactions on mobile devices have increased since a global pandemic sent many of us home. Perhaps not unexpectedly, mobile fraud is increasingly a problem as well, according to the latest data. Cybercriminals use various tools to commit fraud, including mobile emulators to run multiple accounts from the same device. 

This article will help you understand the risks of mobile fraud today, and how to find and shut down fraudsters before they become a problem.

Understanding Mobile Fraud

Fraudsters look for the path of least resistance. If you put more locks on your doors, a thief will try the windows. That’s what’s happening with mobile fraud, the latest vector for fraudsters to try to exploit our vulnerabilities to commit theft. 

Mobile fraud is a growing concern across industries. Last year, 93% of the total mobile transactions in 20 countries were blocked as fraudulent. 

Android remains the biggest culprit; 90% of mobile fraud emanates from these devices. Android is an open-source platform that allows developers lower-level access to the underlying code of these tools. That makes Android devices about six times more vulnerable to potential cyberattacks than iOS. Additionally, Android has more apps with elevated permissions that make them a higher risk for mobile fraud. But how are fraudsters using our trusted mobile devices against us?

Let’s take the banking industry as one example of where mobile fraud can wreak havoc. The COVID-19 pandemic caused a 50% surge in mobile banking, prompting the FBI to issue an alert of the potential for increased cyber fraud. Some of their concerns include:

  • Trojan malware programs embedded within normal-looking mobile app software.
  • Bots that find and steal credentials then launch automated attacks, such as fake banking applications from mobile devices.

Mobile devices are increasingly being used as revenue generators in the online world of eCommerce and pay-per-click. Unsuspecting end users may go to the app store and download a malicious app that appears legitimate. But the fake app then uses your device to create false clicks generating thousands of dollars in online advertising revenue for the fraudster.

Install farms are another form of mobile fraud where the bad actor builds physical banks of mobile phones running bot-based scrips to generate online activity that appears to come from real end-users. Cybercriminals, for example, can use these mobile device farms to commit application fraud, which costs companies millions each year.

One of the mobile fraud techniques increasing in popularity is to create device emulators to download and install apps. These emulators make the download appear legitimate—and it’s a growing issue in mobile fraud.

What Role Do Emulators Play in Mobile Fraud?

Emulators are malicious software programs that run on desktop computers. This type of virtualization software simulates Android and iOS mobile device activities. 

The programs are sophisticated enough to bypass simple device recognition security tools. Mobile device emulators can then be used to:

  • Run scripted credential stuffing attacks, which is where automated software attempts cyclic logins into an account by using rotating password sets. 
  • Create fake social media accounts that send out spam messages. The attacks can use different domains like gmail.com or Hotmail.com to avoid triggering security filters.
  • Emulate normal end user behaviors, such as clicks, touches, and swipes.
  • Use the stolen credentials to take over accounts.
  • Scale this technique to run multiple fraud campaigns simultaneously.

Emulators are attractive to mobile fraudsters because it’s easier to run large scale attacks from a larger desktop screen instead of from a mobile device. Also, emulators can easily bypass traditional rules-based security platforms. When a simulation instance is blacklisted, the fraudster discards it and generates a new one. That’s exactly why security teams can’t rely on unique device IDs to discern automated fraud attacks over real end users anymore. Cybercriminals are growing more sophisticated, which is why your mobile fraud security should too.

How Can You Fight Back Against Emulators and Stop Mobile Fraud?

Mobile fraud rates have grown at least 44% year over year. Companies are ill-prepared to deal with the growing level of automated attacks. They still focused primarily on the web, not mobile. To fight back against this new type of fraud, companies need next-generation tools designed to address mobile fraud and the increasingly sophisticated emulator attacks that are often missed by traditional tools.

DataVisor dEdge is an AI-powered mobile intelligence solution designed for addressing these threats. This is a real-time solution to protect businesses from mobile device fraud that existing solutions simply cannot catch. 

dEdge takes fraud detection to a much earlier point along the fraud attack timeline, straight to the device and browser level. There are many layers between data sources and applications where a cybercriminal can manipulate data or repackage an app, so collecting data at the source validates the legitimacy of the customer and detects malicious activity before it causes damage. 

The capabilities of dEdge include:

  • Real-time collection of hundreds of valuable data fields across mobile, desktop, or other devices. 
  • Advanced detection of device manipulators, including emulators, including new threats that constantly evolve. 
  • Unique device identifications, risk signals, and device scoring that provides actionable intelligence to mitigate risk.

The benefits of dEdge include:

  • A frictionless customer experience with fewer false positives.
  • Exceptional app performance with no latency.
  • Better customer privacy by avoiding sending private data to the cloud.
  • Best-in-class encryption that prevents data from being hijacked or tampered with.
  • Reduced cloud costs through the use of edge computing.

Companies will continue to face the challenge of increasingly sophisticated, fast-evolving mobile fraud techniques. Consumer-facing organizations that offer the convenience of mobile applications are popular targets for cybercriminals. Banks, eCommerce sites, fintech startups, social sites, and travel platforms will increasingly face the risks associated with mobile fraud. 

dEdge is the solution for these companies to mitigate their risk without harming the customer experience. Talk to our team today to set up a demo to understand the benefits of this innovative product. Learn more about dEdge.

Photo of Claire Zhou
about Claire Zhou
Claire is a Product Marketing Manager at DataVisor with over 5 years of marketing experience in security and fin-tech. She is passionate about empowering enterprise customers with AI-based solutions. Her expertise spans data analytics, cybersecurity, and fraud prevention. Claire has an MBA from UCLA.
Photo of Claire Zhou
about Claire Zhou
Claire is a Product Marketing Manager at DataVisor with over 5 years of marketing experience in security and fin-tech. She is passionate about empowering enterprise customers with AI-based solutions. Her expertise spans data analytics, cybersecurity, and fraud prevention. Claire has an MBA from UCLA.