Massive study identifies common fraudster behaviors

The inaugural DataVisor Online Fraud Report details common tactics employed by online crime rings. The report was produced by DataVisor‘s security research unit DataVisor Threat Labs and covers the last half of 2016.  It analyzes DataVisor’s global telemetry network of more than one billion users across more than 170 countries.

A newer tactic sees online criminals develop large armies with no suspicious traits that lie dormant for even years before being deployed as guinea pigs or as part of a staged attack. The report states 44 per cent of fraudulent accounts sleep for at least one week before attacking while 37 per cent are still dormant after three months.

Fraudsters also take advantage of the cloud by using hosting providers to create volumes of fake accounts from unique machines and IP addresses. The cloud fosters anonymity and enables criminals to increase the number of attacks. DataVisor said 18 per cent of accounts originating from cloud service IP ranges are fraudulent. Malicious accounts are seen times as likely to use cloud services as normal users.

Other findings include:

  • Fraudsters prefer desktop platforms (82 per cent) over mobile ones (18 per cent) when staging an attack.
  • Android device users are eight times more likely to be fraudulent than iOS owners.
  • More than half (53 per cent) of fraudulent accounts are registered with popular email services.
  • Fraudulent account armies preying on social platforms are 17 times as common as those targeting financial services and average 160 accounts per campaign.

“The Fraud Economy is flush with billions of dollars in resources,” DataVisor cofounder and CEO Yinglian Xie explained. “It’s no longer just one malicious user causing trouble, but rather massively funded armies numbering in the hundreds who are providing a big payout for these bad actors.

“The fraudsters are becoming adept at looking like normal users and it’s clear from our research that they are increasingly sophisticated and using the latest technologies available to skirt detection. The DataVisor Online Fraud Report will hopefully serve to help inform and empower the fraud fighting community in our war against a common enemy, one sleeper cell at a time.”

Like this article? Take a second to support us on Patreon!