During the month of October, Cybersecurity Awareness Month reminds us of a category of crime that continues to inflict taxpayers and companies with damages amounting to billions of dollars annually. Staying updated on the latest attack types and prevention techniques is the only way to future-proof your organization. Here are five fraud trends from our experts that you won’t want to miss:
Synthetic identity fraud is initiated when a hacker procures a social security number by theft or purchase on the Dark Web, and then fabricates an associated name, DOB, email account, or phone number. From there, the fake identity is legitimized and nurtured in order to exploit lines of credit. Once a fraudster is able to become an authorized user, a process that typically takes 5 months, the “bust-out” is ready to be executed. When the dust settles, creditors and businesses are left with dummy accounts filled to the brim with credit card maximums, loans, and cell phone/utility plans.
The “R word” can send chills down the spine of any business owner or MSP, and for good reason. Two cities in Florida were forced to pay over a million in aggregate bitcoin ransom, only after losing access to phone and email systems for multiple weeks. Municipalities are not alone, and a quick glance at data breach news headlines on any given week will reveal SMB attacks as well. Ultimately, ransomware boils down to the economic concept of incentives, and it will require a concerted effort by organizations to shift the paradigm.
Account Takeover (ATO)
Understanding how criminals are targeting your business or vertical is a fundamental component to any sound cybersecurity strategy. Nevertheless, “the nature of work for a CISO is often reactive”, tasked with establishing a Security Operations Center filled with analysts who are looking to spot a needle in a haystack. On the other hand, the commoditization of crimeware and “spray-and-pray” techniques have led to a higher frequency in breaches, many of which are executed by non-sophisticated hackers. Solving ATO fraud at the small business and medium enterprise level in today’s world requires purpose-driven teams and technologies that can protect your business smarter and more efficiently.
Just this summer, three US universities disclosed data breach incidents within a two-day span. However, this pales in comparison to last year’s highlight. In March 2018, nine hackers breached 144 US universities, charged with stealing 31 terabytes of data worth roughly $3.4 billion in intellectual property. Such breaches have a ripple effect across all verticals and companies, driving consumer awareness and raising the standard for cybersecurity for everyone.
Finally, our bread-and-butter: the Dark Web. Security researchers estimate that In the first half of this year alone, 23M+ credit and debit card details were being sold in underground forums. What’s worse, nearly two out of every three originated in the United States (64%), followed by the UK (7%) and India (4%). Once such data dumps hit the Dark Web, cybercriminals will exchange stolen information and credentials in order to orchestrate damaging fraud schemes.
Dark Web Monitoring
SSVA's dark web monitoring is designed to help both public and private sector organizations detect and mitigate cyber threats that leverage stolen email addresses and passwords. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today: www.ssva.com/darkweb.
False identities may slip through conventional detection methods, but we’ve got you covered. With SSVA's Security Awareness Training +, you can provide a more complete picture of your company’s security posture and potential risk, transforming the weakest links of any organization into their strongest points of protection. Find out how you can get started with us here: www.ssva.com/security-awareness-training