“While less than half of a percent (0.4%) of legitimate logins were attempted from a combination of a new account and a new device, this scenario accounted for 32% of total fraud volume observed in Q1. This pattern could indicate fraud actors attempting to leverage stolen identities to create mule accounts as part of their 'cash-out' plans,” RSA reported.

“Similar to fraud patterns at login, only 0.4% of legitimate payment transactions are attempted from a new account and new device, yet this combination makes up 22% of total fraud values, once again potentially indicating money mule activity,” it added.

“The highest volume of fraud, or 34% of total value, originates from a known/trusted account and device, which suggests that there is a high likelihood that these devices may be infected with financial malware capable of performing man-in-the-middle account takeover attacks.”

Phishing still the frontrunner

Phishing accounted for 48% of all cyberattacks in the first quarter of 2018, RSA reported. Financial Trojan horse malware accounted for one out of every four fraud attacks during that time.

“Phishing, while among the oldest types of online fraud attacks, is still the most widely used tactic. This may be due to its low technical barriers to entry, combined with the low resource requirement for simple, low-tech attack vectors such as email.”

For criminals, the payoff can be huge. The average value of a fraudulent transaction in the United States was 144% higher than a genuine one and averaged $508.

That's made identifying members' devices a critical part of data security and fraud prevention. According to the report, 82% of fraudulent e-commerce transactions during the first quarter of 2018 originated from devices that were not “known” or “trusted” by the fraud platform.

The new hideout: social media

Credit unions and other organizations that rely on mobile have to get more comfortable with the inner workings of social media and monitor it for fraud threats targeting their businesses, it added.

“There is a thriving fraud business happening on most major social media sites that is going completely unnoticed,” it said.

“There are several reasons fraudsters, like legitimate users, are attracted to social media platforms as 'control stations' for their social lives and even their businesses,” RSA warned. “The mass communicative properties of these networking programs bridge physical divides and distances to allow seamless sharing of ideas and information. On top of that, many platforms provide additional benefits to users looking to maintain an exclusive space for a specific purpose that remains unknown to those not trusted enough to be part of the circle.”