Social media: the new Dark Web

Last week, it was announced that identity fraud hit a record level in the UK in 2016, according to Cifas, out of which nearly 90% occurred online. In a world where cybercrime knows no boundaries, the reported figures are hardly a surprise.

These days, all you need to do is type “botnet,” “hacking,” “DDoS,” “CVV2,” or any other cybercrime-related term into the search bar on most social media platforms, and you will find a plethora of fraud activity occurring in plain sight. Social media has become a breeding ground for cybercrime-related activity and is attracting fraudsters from around the world who take advantage of these platforms because they are free, easy-to-use, and offer a global reach.

Fraud posts began showing up in social media as early as 2011, when stolen credit cards and e-commerce accounts began being published openly on social media platforms. Initially residing in the hidden cracks and corners of social media, the level of fraud activity rapidly rose to flood the network with fraud offerings. Today, fraudsters operate largely in the open, and many even sell and trade stolen credit cards and other financial data from their own personal profiles. There is a parallel world of fraud that is hiding in plain sight, existing side-by-side with the rest of us.

Since RSA began studying the phenomena in 2015, we have realized this is a rapidly growing problem that is hardly going away. In fact, it appears to be getting worse. The average number of users in fraud-related groups tracked by RSA grew substantially in 2016 from an average 1,909 members, to more than 3,217 members. Additionally, the total number of members in these groups has increased 70%, from 179,447 to 305,677 individuals.

What exactly are the bad guys selling and trading on social media? Carding, cashout, and the sale of stolen credentials are the predominant topics discussed within these groups. The following chart shows the most popular discussions and fraud groups by topic:

Fraud in the mobile channel is also a cause for concern. As organizations transform the way they interact with customers, this has not gone unnoticed by cybercriminals as evidenced by the rise in fraud attempts originating in the mobile channel. In the past year, RSA has uncovered that 60% of transactions confirmed as fraud originated from a mobile device. Mobile traffic is also growing at unprecedented rates, with RSA witnessing a nearly 1:1 ratio between mobile and Web transactions.

Fraud is continuously changing. This includes not only new threats, but the new methods fraudsters are employing, such as leveraging social media and targeting mobile users to stay in the game. Thus, the financial services industry needs innovative and tested security products to keep fraud in check. The future of digital payments and commerce is before us, and technology guidance brought on by PSD2, 3D Secure 2.0 and other initiatives is much needed. Some might even argue that perhaps it is long overdue.

I recommend joining us for a live webinar with The Paypers on 5 April where we will discuss the implications of PSD2 and 3D Secure 2.0 and offer tips on how you can prepare. You can register here.

About Nathan Close

Nathan Close is a senior advisor and head of pre-sales engineering for RSA’s Fraud & Risk Intelligence solutions in EMEA where he works closely with organizations to define fraud prevention strategies across consumer digital channels. With over 15 years of experience in the IT security industry, Nathan is a seasoned expert with extensive experience in fraud and risk management, security solution architecture, security assessments and security solution engineering. Nathan is a frequent speaker at industry and media events on cybercrime and other fraud-related topics.

About RSA

RSA offers business-driven security solutions that uniquely link business context with security incidents to help organizations manage risk and protect what matters most. RSA solutions are designed to effectively detect and respond to advanced attacks; manage user identities and access; and, reduce business risk, fraud, and cybercrime. RSA protects millions of users around the world and helps more than 90% of the Fortune 500 companies thrive in an uncertain, high risk world. For more information, go to rsa.com.