In H1 2020, new account creations saw the highest rate of attack across all transaction types within financial services, according to a new study by LexisNexis, a provider of computer-assisted legal and business research as well as risk management services.
The LexisNexis Risk Solutions Cybercrime Report January-June 2020, which analyzed data from more than 22.5 billion transactions processed by the LexisNexis Digital Identity Network, found that between January-June 2020, new account creation in financial services recorded an attack rate of 13.1%, well ahead of payments at 4% and logins at 0.4%.
New account creation fraud refers to a customer account created using fraudulent information. The term encompasses the legitimate customer that uses a “fake” email address to limit the amount of spam in their inbox, to the more extreme case where a hacker uses stolen personal information on a real-life person to create fake accounts through which they can funnel illegal earnings.
New account creation attacks have been an emerging trend across various industries, and an effective way for fraudsters to monetize stolen credentials and cash out. In these rapidly proliferating cybercrimes, fraudsters use bots to sign up for mass new media accounts to take advantage of free trials/streaming bonuses that can be sold for a profit. In e-commerce, these new account creation bots are seen at online marketplaces, virtual gift card companies, and ridesharing sites.
In financial services, the report notes the case where fraudsters attempted to create multiple new accounts from the same device at a Brazilian financial services organization. There was also the case where criminals tried to create multiple accounts at a Malaysian digital wallet provider to exploit new account bonuses.
Rising bot attacks
H1 2020 also saw a surge in automated bot attacks at financial services organizations. The industry saw more bot attacks than any other industry, with these types of attacks growing 38% year-over-year (YOY), while the human-initiated attack rate declined 23%.
In Singapore, human-initiated attacks and automated bot attacks grew 58% and 52% YOY respectively during the period.
Asia Pacific (APAC) continued to see higher attack rates than North America or Europe, the Middle East and Africa (EMEA) during the period, with some significant bot activity recorded coming from Japan, India and Australia. The report notes a particularly large attack originating from the Philippines in June 2020.
India was found to be the top attacker by volume, targeting primarily the UK, the US, Australia, Canada, but also within its own borders. Meanwhile, Japan recorded the largest growth in bot attack origination YOY and was found to be the second largest contributor to human-initiated cyberattacks by volume after the Netherlands.
COVID-19 brings new challenges
COVID-19 has accelerated companies’ timeline to embrace digital transformation. With organizations and businesses rapidly deploying remote systems and networks, criminals are taking advantage of increased security vulnerabilities to steal data, generate profits and cause disruption.
A study conducted by LexisNexis Risk Solutions earlier this year found that exposure to money mules and criminal use of third-party advisors were the top two financial crime risks detected during the past 12 months.
The research also found that the types of crime vary between the types of financial organization, showcasing that criminals are targeting different organizations with specific types of crime, where controls are seen as weakest.
Fintech companies and challenger banks, for example, recorded higher usage of money mule accounts, while asset management firms reported notable trade-based money laundering activity compared to other types of organization.