Report Shows That New Account Fraud Has Gone up 28% in 2019

The significance of IT and the Internet for our day-to-day life can hardly be overstated. It has grown exponentially during the past two decades, and it doesn’t seem like its importance will wane any time soon. Unfortunately, just like any other pillar of modernity, some bad actors are willing to take advantage of the flaws in IT systems for personal gain. This is demonstrated well in a recent statistic that pointed out a 28% increase in reported account fraud between 2018 and 2019. This growth brings the total number of account fraud cases in 2019 to twice what it was five years ago, back in 2014.

A variety of different factors can explain such a jump. For starters, cybercriminals have honed their impersonation tools to a very fine degree in recent years. Additionally, due to the never-ending stream of data breaches, it is now easier than ever for malicious actors to get a hold of some of a user’s private information and be assured a foothold into a potential victim’s online presence.

That last detail is of no small importance. Just to illustrate the point – back in mid-October 2019, Bob Diachenko and Vinny Troia discovered a readily accessible Elasticsearch server containing the data of an unprecedented 4 billion user accounts across a multitude of platforms, with the total data dump being a hefty four terabytes.

That’s a frightening amount of data that can be used to target an indeterminably large number of online user accounts. Given the propensity of users to recycle login details and passwords across multiple platforms and accounts, the fact that this information was readily available for anyone to grab and exploit does not bode well for the general security of internet users worldwide. While it is true that parts of the data dump may be outdated or otherwise unusable for a cybercriminal’s nefarious ends, there are bound to be bits and pieces in there that crooks can use to further their own malicious goals. The probability of that is quite high, in fact, given the regular internet user’s disinclination to update and rotate accounts, recovery e-mail addresses, and passwords as often as is recommended in order to maintain an adequate level of cyber-security.

Unfortunately, in the face of so many vulnerabilities and sophisticated tools in the hands of cybercriminals, traditionally recommended authentication methods also seem to be failing. Long, complex passwords, knowledge-based authentication (KBA), and SMS-based two-factor authentication are now routinely spoofed as the result of the never-ending data breaches, phishing scams, and a variety of other malicious activities.

More complex methods, such as fingerprint scanning, have also been found wanting recently due to various vulnerabilities. It was recently revealed that the fingerprint reader on Samsung’s flagship S10 and Note10 smartphones could easily be spoofed with a $3 screen protector. Face mapping and even sensors that map out the veins in the palm of your hand have also been used as a way to authenticate a user’s identity, but none of those are effective enough, either.

And then there’s the human element to the equation. Research on the matter indicates that more than 80% of data leaks are a result of human error. At the end of the day, a machine is only as good as its human operator, and a system is only as secure as the people who have access to it can make it.

All of this adds up to the inevitable conclusion that even relative online security is extremely difficult to attain, and costs a lot of effort to maintain. The rise of advanced fraud strategies like account takeovers, identity theft, and deepfake technologies only exacerbates the issue. However, the fact that something is time-consuming, difficult, and annoying doesn’t reduce its importance. Internet users need to be made aware that there are dangers to their online presence and educated on why they should care about that and, most importantly, how best to avoid said dangers.

By Giles
March 10, 2020