Latest Fraudulent Schemes Targeting the Payments Ecosystem

Malicious actors continued to exploit technical misconfigurations through various fraudulent schemes, according to a new report from Visa.
These include the use of malvertising and search engine optimization (SEO) techniques to conduct convincing and effective phishing and social engineering campaigns, the use of emerging advanced language models (ALM), and increased targeting of authentication processes.
While the global fraud rate was below normally expected fraud levels during the reporting period (January-June 2023), Visa said it helped proactively block $30 billion in fraud during this period. However, threat actors were still able to carry out targeted and sophisticated fraud schemes impacting specific institutions, technologies and processes.
Ransomware attacks continue to evolve
March 2023 set a new record for the most ransomware attacks in a month, with almost 460 attacks, an increase of 91% compared to February 2023 figures and 62% compared to the same period in 2022. A 2023 ransomware report identified exploited vulnerabilities as the most common root cause (36%) of ransomware attacks, followed by compromised credentials (29%).
Interestingly, ransomware attacks and associated bad actors do not always specifically target payment data, but instead compromise any data accessible during their attacks, including payment data or personally identifiable information. The period covered by the study saw a 40% increase in enumeration attacks compared to the previous six months.
Online merchants were responsible for 58% of total fraud and breach investigations, while brick-and-mortar merchants accounted for 20% and ransomware/fraud schemes for 7%.
Notable increase in retail-specific schemes
Retail-specific schemes have seen a measurable increase over the past six months, including:
- Fake, spoofed or counterfeit merchants: Consumers are targeted through websites that appear to be their favorite merchants. These sites are created to take customer orders, but do not deliver the goods or services ordered and steal customer payment account information.
- The rise of malicious advertising: Some scammers develop fake advertisements to try to obtain personal information. Victims of these schemes are targeted with search engine-optimized scams that prey on what they might be legitimately interested in purchasing.
- Flash fraud scams: Flash fraud merchant schemes, also known as evasion schemes, are also on the rise. In these schemes, bad actors establish a legitimate merchant and process a small number of legitimate payments to establish credibility. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions, often using data from stolen payment accounts, and quickly disappears after obtaining the funds from the stolen accounts.
- Free Gift Scams: An emerging crypto scam in the retail space is the “free gift” scam, in which bad actors offer a “free gift” via a pop-up asking the victim to confirm the transaction. When clicked, the malicious payload is executed, which includes a file containing a malicious NFT, allowing fraudsters to communicate with the victim’s wallet and authorize cryptocurrency transfers from the victim’s wallet to the fraudster’s wallet.
Crackdown on cybercrime activities
Visa’s efforts over the past six months have resulted in a significant crackdown on cybercrime activities with the help of global law enforcement and government agencies.
Visa has also helped bring fraudsters to justice around the world. In May 2023, the US Secret Service took down a major cybercrime platform called Try2Check. A local enforcement action called Operation Urban Justice has been launched in California to target electronic benefit transfer (EBT) fraud, which has led to the arrest of 20 suspects believed to be part of an Eastern European crime syndicate. In April 2023, an international coalition of law enforcement carried out the Genesis Market Takedown, arresting 119 people involved in the cybercrime platform.
“While we are pleased with the lower-than-expected fraud rate over the past few months, this edition of the biannual threat report continues to highlight how savvy fraudsters remain,” said Paul Fabara, Chief Risk Officer at Visa. “Just as criminals benefit from technological advances, so does Visa, and the $30 billion in fraud prevented in the last six months alone is a great testament to that.”