LexisNexis Reports Dramatic Shift of Attacks Targeting Mobile Devices

Fraudsters are migrating attacks to the mobile channel. Of 401 million attacks recognized by the Atlanta-based LexisNexis Digital Identity Network in a six-month period, 264 million of those affected a mobile device.

“Fraud Without Borders,” a LexisNexis Risk Solutions cybercrime report covering July to December 2019, tracked fraudsters’ behavior and actions as they operated across multiple organizations within their Digital Identity Network.

The report highlighted a dramatic shift toward mobile attacks, which for the first time outpaced desktop attacks by volume. Although attack rates targeting desktop transactions (2.7%) and mobile transactions (2.5%) are almost identical, the mobile attack rate grew 56% while the desktop attack rate fell 23%, confirming the growing shift toward mobile fraud.

The report findings crystalize how cybercrime is a well-organized, global endeavor powered by networks of fraud. While consumers enjoy access to goods and services from all over the world, fraudsters are able to harness stolen identity data to launch corresponding cross-border fraud attacks.

Key findings from the report revealed fraudsters are working in hyperconnected, global networks, targeting businesses across country borders and industries. In just one month, the Digital Identity Network discovered 73,000 devices associated with a fraudulent event at one organization later recorded at another organization. All of the fraud networks identified in the recorded period involved organizations from more than one region and more than one industry.

This global, networked pattern of cybercrime additionally reflects in mobile attack rate growth, heavily influenced by worldwide bot attacks directed at mobile app registrations. Globally connected bot attacks target new account creations.

Bot volumes saw strong growth from key regions, as fraudsters use automation to maximize success. The Digital Identity Network recorded strong growth in bot attacks from Canada, Germany, France, India and Brazil. Bots from Canada, France and Germany all targeted the same group of organizations, which were mainly in financial services and media business.

The report also noted mobile browser transactions attacked at a higher rate of 4.2% compared with 1.9% for apps; but mobile app transactions with a greater growth in attack rate, up 171% compared with a steadier growth rate of 14% for browsers.

“The ability to harness intelligence related to devices, location, identity and behavior to combat fraud is critical, given the globally connected fraud that permeates the global digital economy,” Rebekah Moody, director of fraud and identity at LexisNexis Risk Solutions, said. Moody added fraudsters are able to attack with unprecedented ease and speed. “To mitigate the hyperconnected nature of global cybercrime, businesses need access to a shared view of risk that can operate across channels, across industries and across country borders.”

The report also contained the deconstruction of an identity spoofing fraud ring in seven steps:

1. A fraudster was tracked carrying out a series of transactions, many of which were high-risk and fraudulent, across multiple organizations within the Digital Identity Network, which found the transactions linked to one device, despite the fraudster attempting to bypass device fingerprinting.
2. The fraudster tried to open accounts at lenders and financial institutions, as well as perform several logins and payments across multiple organizations. “This could indicate a potential identity spoofing fraud, with the fraudster testing multiple identity credentials to open accounts, takeover good user accounts or monetize stolen credit cards.” Several transactions marked as confirmed fraud, included a payment transaction at the e-commerce merchant.
3. The e-commerce merchant took the device intelligence from this fraudulent pattern of transactions and cross-correlated it to its own network.
4. The e-commerce merchant linked the original fraudulent device to five other devices via one unique shipping address. The additional five devices also connected to confirmed fraud attempts at the e-commerce merchant, creating a larger, complex fraud network.
5. One of these devices was associated with a fraud network using store pick-up, with multiple email addresses, IP addresses, credit cards and identities.
6. Three of these devices were associated with digital gift card fraud on the merchant’s website, and were also associated with multiple email addresses, IP addresses and credit cards.
7. The final device was associated with a series of fraudulent payments in-store using the merchant’s own payment card method. This fraud also logged multiple payment cards and identities.