The most vulnerable victims of cybercrime are young adults and adults over the age of 75. This is evident from the latest research published in LexisNexis Risk Solutions’ bi-annual Cybercrime Report.
Published on February 23, the report tracks global cybercrime activity from July 2020 to December 2020. The report shows how unprecedented global changes in 2020 created new opportunities for cyber criminals around the world, especially as they new users of online Channels.
The LexisNexis study found global transaction volume grew by 29 percent compared to the second half of 2019. This growth was seen in the financial services (29 percent), e-commerce (38 percent) and media (9 percent) sectors. The number of human-initiated attacks decreased by around 184 million in 2020, while the number of bot attacks increased by 100 million.
The e-commerce sector saw the largest growth in bot attack volume compared to other industries, although human-initiated attack rates declined. The attack rate for ecommerce payments with a mobile app is higher than any other industry.
This poses a potential risk for these companies. Although ecommerce merchants have a higher rate of account hijack attempts compared to financial services, overall attack rates remain relatively low and are declining year over year across all channels.
Don’t blame the pandemic
Contrary to conventional thinking, the surge in bot attacks in the second half of last year wasn’t related to the workforce moving from office to home.
The culprits were fraudsters testing lists of stolen identities, said Kimberly Sutherland, vice president of fraud and identity at LexisNexis Risk Solutions.
“Our network saw large, high-speed automated attacks, often from the same machine or location, and those attacks were typically directed against e-commerce and media platforms,” she told TechNewsWorld.
These validated credentials can then be used for higher-value downstream attacks, such as: B. for account takeovers in several industries, including financial institutions, she explained.
One of the basic assumptions is that these validated credentials attacks could then occur in human-initiated attacks in 2021. The researchers will be tracking this scenario over the next year to see if there is an increase in fraud attack rates.
What puts younger and older adults at additional risk?
A large influx of new digital customers went online in 2020. It was the age group under 25, followed by the age group over 75, which was found to be the most vulnerable to fraud attacks.
“We most often view these young adults as highly tech-savvy, but many also tend to be more relaxed about their usage patterns and willingness to share personal information,” noted Sutherland.
Those over 75 face a different challenge as they are generally less familiar with the latest digital technologies. This lack of familiarity increases their vulnerability to fraud and phishing attempts, she added.
“Scammers are opportunists looking for the simplest of targets. The paradox of why scammers choose to target the younger age group in proportionally higher amounts can possibly be answered by the fact that higher success rates can offset lower cash gains,” she added added.
The largest number of fraud attacks by volume have come from scammers in the United States. Countries like Canada, the United Kingdom, and Germany are also in the top 10 for each attack method.
Growth economies increasingly contributed to the number of fraud attacks, with the number of human-initiated attacks from Guatemala, Bahrain and Zimbabwe increasing. A significant number of bot attacks have come from the Isle of Man, the United Arab Emirates and Nigeria.
Sixty-seven percent of all transactions were made through mobile channels. Much of the transaction growth came from trusted customers.
Malicious attack methods persist in companies despite reduced attack rates, as automated bot attacks offer fraudsters an inexpensive, fast and effective method for initial attacks.
The study analyzed 24.6 billion transactions from July to December 2020 and found that mass automated bots used to test proof of identity are still widespread.
Attack rates continue to be high when creating new accounts. This is a key entry point for scammers looking to monetize credentials from data breaches.
Age is very important
Many New-to-Digital customers went online for the first time. The youngest age group of online users was the most susceptible to fraud over the six months. The analysis showed that new customers in the under 25 age group grew by 10 percent.
The oldest age group, 75 years and older, had the next highest attack rate. This group is generally considered to be less tech-savvy and therefore more prone to digital fraud.
Millennials and Gen Zers are the most vulnerable to scam attacks. The average loss of fraud per customer increases with age, which is likely to be influenced by higher disposable incomes later in life.
The main takeaways
According to Sutherland, the ongoing shift towards transactions on a mobile device is remarkable. While desktop transactions still make up a large chunk of transactions, consumers are continuing to move towards the mobile channel.
“This makes mobile-first, rather than just digital-first, a key strategy for businesses in 2021,” she said.
The age analysis was particularly surprising. This contradicts the tendency to believe that the elderly population is most susceptible to fraud.
“While this age group will lose the most money, the results that show that the youngest population is the highest rate of attack underscores the importance of education, online messaging and layered fraud prevention in protecting the full spectrum of online users.” he told Sutherland.
Fraudsters follow the money trail
Networked fraud analysis continues to be a central feature of the cybercrime report. Isolated attacks can cause significant damage to businesses and end users. Worse is the extent of the hyperconnected, networked fraud, which is huge and harmful, Sutherland noted.
This type of organized, networked fraud involves the same scammers or stolen credentials used in multiple organizations and global regions. It is meant to highlight the scale of the fraud challenge.
“Giving businesses the ability to analyze user behavior across thousands of global digital companies gives them a more interconnected view of trust and risk rather than looking at it in isolation,” she said.
A fraud network of LexisNexis researchers analyzed as part of this report found that fraudsters are targeting several financial services companies in the United States and Canada. The potential monetary risk was at least $ 8.7 million and fraud of at least $ 1.5 million was blocked.
There are two main problems with today’s approach to cybersecurity risk, according to Robert McKay, senior vice president of risk solutions at Neustar.
First, the security measures implemented are no longer effective in protecting customers from fraud. Most anti-fraud efforts are based on the idea that people’s online and offline data is safe, and that’s just not true anymore.
Second, the authentication measures that many companies put in place to protect against fraud annoy customers. Some people find reinforced authentication (such as using a one-time passcode or asking knowledge-based authentication questions) so burdensome that they abandon the transaction and sometimes even stop doing business with that organization.
“These can be valid authentication measures, but they can lead legitimate customers to feel like they are being scammed,” he told TechNewsWorld.
Layered defense is critical to defending against cyber criminals, countered Sutherland. By delivering the best physical and digital fraud and identity solutions at every touch point in the customer journey, you get a better view of trust and risk when a customer transacts online.
“Technologies like behavioral biometrics can then be transferred to this digital identity intelligence. Behavioral biometric data can help companies better understand how a user interacts with their device in online transactions and can uncover cases of fraudulent behavior that can alert companies to potential threats “she explained.
These types of solutions minimize the friction for good customers: high risk transactions can be reinforced with additional authentication tools or manually verified to minimize unnecessary fraud spending, she concluded.
The bad guys are rustling
Michael Kaczmarek, vice president of product management for Neustar’s security solutions business, said the biggest threat perpetrators are sponsored by both bad-actor states and non-state cyber gangs.
“I think both of them pose the greatest threats, but both have different goals. Both employ similar tactics to launch attacks on governments, infrastructure targets or private organizations.
“Your intentions may be different, but the results are still the same – disrupt the normal course of business,” he told TechNewsWorld.