DataVisor Attack Techniques Blog:
What Fraudsters Are Doing with Breached Data
We recently published a blog post that covers several massive data breaches including Equifax, Facebook, and Marriott. According to a recent report by Gemalto, approximately 944 data breaches occurred in the first half of 2018 alone, compromising about 3.3 billion data records. This post highlights some of what fraudsters are doing with breached data, namely committing many different types of online fraud.
Account Take Over
Account takeover (ATO) is where a fraudster takes over an account using the online credentials of the account holder. Account takeover increased 45% in Q2 2017, costing online merchants an estimated 3.3 billion dollars. Some data breaches result in the leak of login credentials (usernames and passwords), which fraudsters use to take over user accounts. Fraudsters also use sophisticated tools and techniques, such as botnets and brute-force attacks, to take over accounts.
Credential stuffing is a type of attack, usually automated, used to take over user accounts. Fraudsters use stolen credentials such as email addresses, usernames, and passwords to gain access to website and web app user accounts. The fraudster typically uses an automated script or tool that enters credential pairs repeatedly into websites or web apps until the credentials are matched to an account or multiple accounts. When the fraudster discovers a match, they can then take over the account and use it for fraudulent purposes.
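One way a defender can spot the pattern described above in login logs, shown as an added example that is not from the original post or from DataVisor's product. The event tuples, IP addresses, usernames and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = [
    (1000, "203.0.113.9", "alice", False),
    (1002, "203.0.113.9", "bob", False),
    (1003, "203.0.113.9", "carol", False),
    (1005, "203.0.113.9", "dave", True),     # a leaked pair matched
    (1006, "203.0.113.9", "erin", False),
    (1007, "203.0.113.9", "frank", False),
    (1010, "198.51.100.4", "grace", False),  # one user mistyping a password
    (1020, "198.51.100.4", "grace", False),
    (1030, "198.51.100.4", "grace", True),
    (5000, "203.0.113.9", "heidi", True),    # outside the burst window
]

def detect_stuffing(events, window=300, min_users=5, min_fail_ratio=0.8):
    """Return {ip: sorted usernames that logged in successfully during a burst}.

    A burst is a span of at most `window` seconds in which one source tried
    at least `min_users` distinct usernames and at least `min_fail_ratio` of
    the attempts failed. The thresholds are illustrative assumptions.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, ok in sorted(events):
        by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, rows in by_ip.items():
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the span fits in `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            burst = rows[start:end + 1]
            users = {u for _, u, _ in burst}
            fails = sum(1 for _, _, ok in burst if not ok)
            if len(users) >= min_users and fails / len(burst) >= min_fail_ratio:
                # Successes inside a burst are the accounts to lock and reset.
                hits = {u for _, u, ok in burst if ok}
                findings.setdefault(ip, set()).update(hits)
    return {ip: sorted(users) for ip, users in findings.items()}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_EVENTS))
```

A source that appears in the result with an empty list produced a burst but matched no account; a single user retrying their own password never reaches the distinct-username threshold.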
Credit Card Fraud
According to the Identity Theft Resource Center (ITRC), more than 14 million credit card and debit card numbers were exposed in 2017 because of data breaches. Recent data breaches involving the leak of credit card numbers include Saks Fifth Avenue, Lord & Taylor, Newegg, and British Airways. Fraudsters use stolen credit card numbers not only to buy big-ticket items but also to commit different types of fraud such as card testing and triangulation fraud.
Many fraudsters use stolen personal information for application fraud. Application fraud is where a fraudster applies for a loan or a line of credit but has no intention of paying back the lender. Fraudsters often cultivate loan accounts over time, emulating authentic-looking credit account activity. Building authentic-looking credit allows a fraudster to gain access to even more credit. When the time is right, the credit lines are maxed out.
Synthetic Identity Fraud
Some fraudsters commit application fraud using an identity that is composed of personal information from different people or a combination of real and fake personal information. This identity fraud technique is called synthetic identity fraud. For example, a fraudster could submit a loan application that includes a real, but stolen, social security number, while the name, date of birth, and home address could be from the identities of a different person or multiple people. Synthetic identity fraud costs lenders and financial institutions billions of dollars every year.
A Wealth of Stolen Data to Choose From
More than 6 million data records are lost or stolen every day according to Gemalto’s Breach Level Index, and much of that data is made available to fraudsters via dark web marketplaces. Fraudsters today have a wealth of stolen data to choose from: consumer names, social security numbers, credit card numbers, login credentials, birth dates. And fraudsters are figuring out new and innovative ways to commit online fraud with stolen personal data.
The question is no longer “if a data breach happens” but rather “when the data breach happens.” While minor inconveniences following the data breach might be seemingly tolerable for consumers (like getting their credit cards reissued), there are broader implications associated with the data and personal information being exposed. While organizations need to take preventative measures against data breaches, they also need to protect themselves against any fraudulent activity that might follow the data compromise.
DataVisor helps organizations continuously monitor user accounts for emerging threats and fraud attacks resulting from new accounts being opened with stolen credentials, account takeovers and other malicious activities that result in reputational and financial loss.