RSA Monthly Online Fraud Report -- November 2013


Published on

The RSA Monthly Online Fraud Report discusses the latest trends in cybercrime and phishing around the globe.

Published in: Technology, Economy & Finance
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

RSA Monthly Online Fraud Report -- November 2013

  1. 1. CYBERCRIME BELLS ARE RINGING, ARE YOU LISTENING? The Top Nine Threats to Retailers this Holiday Season November 2013 October marked a record breaking month for the number of phishing attacks identified by RSA in a single month – an astounding 62,105 attacks. This is not surprising as past phishing trends have demonstrated a surge in attacks right before the holiday shopping season. And with more consumers conducting e-commerce online and through their mobile devices than ever before, it is safe to say cybercriminals will be following the money. This month’s highlight focuses on the top threats to retailers and e-commerce merchants during peak holiday shopping times. For merchants, cybercrime and Web threats go way beyond phishing. According to a new report by the Ponemon Institute and sponsored by RSA, the biggest concern for merchants during these peak shopping times is to ensure that their website remains live and functional because just one hour of website downtime can cost $500,000, or $8,000 per minute, in lost revenue. The top nine threats identified by merchants in the Ponemon study, as well as how likely these threats are to occur and how difficult they feel these threats are to detect, are outlined below. 1. Botnets and Distributed Denial of Service (DDoS) attacks. Besides the direct cost of loss sales from downtime, a DDoS attack could result in lost consumer confidence and brand value which could have long-term impact. 83% of merchants expect to see DDoS attacks during the holiday shopping season. 2. App store fraud. From the delivery of rogue mobile apps masquerading as a legitimate merchant to cashing in on rebates and credit card reward promotions, the mobile channel is particularly vulnerable for merchants. 72% of merchants indicate app store fraud is difficult to detect. FRAUD REPORT R S A M O N T H LY F R A U D R E P O R T page 1
  2. 2. 3. alware on mobile devices/credential theft. Merchants are investing more to support M e-commerce sales in the mobile channel. Mobile devices will account for a larger-thanexpected share of total U.S. retail ecommerce sales, with a forecast for the mobile’s share of shopping to surpass 16% of all e-commerce shopping. Malware capable of capturing account credentials by infiltrating consumers’ mobile devices could potentially rise. 4. Click fraud. Click fraud is a big on the cybercriminal list, taking advantage of “per click” advertising through botnets and automated scripts. Click fraud is typically an issue during the holiday shopping season as merchants invest heavily in advertising to lure consumers to shop online. 74% of merchants indicate this activity is difficult to detect. 5. Testing stolen credit cards. With the high volume of e-commerce transactions taking place during the holiday season, this is usually a good time for cybercriminals to test stolen credit cards they have purchased in bulk from the underground. 6. E-coupon fraud. This type of fraud is often the result of business logic abuse which takes advantage of a vulnerability on a website such as the shopping cart software. In this case, a cybercriminal does an end-run around an online retailer’s pricing policy. They select a heavily discounted item, place it in the “shopping cart” and then delay the checkout. They come back to the cart later after obtaining an e-coupon, and apply the discount to the final purchase price – thus obtaining the item well below the retailer’s cost. 70% of merchants indicate business logic abuse is difficult to detect. 7. ccount hijacking. Account hijacking usually begins with a phishing attack to obtain A customers’ credentials. 61% of merchants expect to see account hijacking activity during peak shopping times. 8. lectronic wallet fraud. Merchants continue to expand customer payment options E including e-wallets and other forms of emerging payments at checkout. As many of these electronic payment options are still new, they offer more vulnerabilities for cybercriminals to take advantage of. 9. ew account fraud/mass registrations. New account fraud typically occurs when there N is a popular promotion or sweepstakes being offered. Cybercriminals will leverage botnets to overload a website with fraudulent new account registrations in order to increase their chances of winning the prize. 71% of merchants indicate new account fraud is difficult to detect. Merchants that view cybercrime and other fraudulent activity as simply part of the cost of doing business online need to consider the numbers. As noted earlier, one website being down for just one hour can cost a retailer as much as $500,000 in terms of lost traffic and revenue which equates to $8,000 for every minute a purchase is prevented or the integrity of a website is compromised. Most companies typically have about 44 customerfacing websites. If all sites were down for just one hour on one day, a company could lose about $22 million. Just as consumers need to beware as they gear up for the hustle and bustle of holiday shopping, retailers and other organizations who could potentially be affected by cybercrime need to be mindful of the myriad of threats that could be targeting their websites and their customers. R S A M O N T H LY F R A U D R E P O R T page 2
  3. 3. RSA CYBERCRIME STATISTICS NOVEMBER 2013 Source: RSA Anti-Fraud Command Center Phishing Attacks per Month RSA identified 62,105 phishing attacks launched worldwide in October – the highest number of attacks ever recorded by RSA in a single month. This marks a 35% increase in attack volume from September. 62,105 Attacks US Bank Types Attacked U.S. nationwide banks remained the most targeted with 57% of phishing attacks targeted at that sector in October. Credit Unions Regional National Top Countries by Attack Volume 81% The U.S. remained the most targeted country in October with an overwhelming 81% of the total phishing volume, followed by the UK, India and Germany. 5% 2% R S A M O N T H LY F R A U D R E P O R T UK 3% U.S. India Germany page 3
  4. 4. Top Countries by Attacked Brands In October, 32% of phishing attacks were targeted at brands in the U.S., followed by the UK, India, France and Brazil. U.S. 32% UK 9% 45% Top Hosting Countries The U.S. continues to host the most phishing attacks, hosting 45% of global phishing attacks in October. 5% 4% 4% GLOBAL PHISHING LOSSES OCTOBER 2013 CONTACT US To learn more about how RSA products, services, and solutions help solve your business and IT challenges contact your local representative or authorized reseller – or visit us at ©2013 EMC Corporation. EMC, RSA, the RSA logo, and FraudAction are trademarks or registered trademarks of EMC Corporation in the U.S. and/or other countries. All other trademarks mentioned are the property of their respective holders. NOV RPT 1113