One especially damaging form of online hacking increased dramatically during the first half of 2023.
According to the fall 2023 Biannual Threats Report from Visa Inc. (covering January to June 2023), while the global fraud rate trended lower than normal expected fraud levels during the report’s time period, ransomware attacks continued to grow in prevalence.
Visa data indicates March 2023 surpassed prior ransomware attack records for the most attacks in one month with nearly 460 attacks; a 91% increase over February 2023 and 62% higher compared to March 2022. Exploited vulnerabilities (36%) were the most common root cause of ransomware attacks, followed by compromised credentials (29%).
Online retailers were responsible for 58% of total fraud and breach investigations, while brick-and-mortar retailers made up 20%, and ransomware/fraud scheme attacks represented 7%.
Retail-specific attacks on the rise
Visa said the following fraud schemes that are specifically designed to target retailers notably increased in the first half of 2023:
- False, spoofed, or counterfeit retailers: Consumers are being targeted through websites that seem like those of legitimate retailers, established to take customers’ orders, but not fulfill the goods or services ordered and instead steal customers’ payment account information.
- ‘Malvertising’: Some scammers are developing fake ads to try to obtain personal information. Consumers are targeted with search engine-optimized scams based on what they might be interested in legitimately purchasing.
- Flash-fraud scams: Flash fraud retailers, also known as “bust-out schemes,” establish a legitimate e-commerce site and process a small number of legitimate payments to establish credibility, are also on the rise. Once a satisfactory payment processing history is established, the seller suddenly submits a large number of fraudulent transactions—often using stolen payment account data – and disappears after obtaining the funds from stolen accounts.
- Free gift scams: In this scam aimed at cryptocurrency users, bad actors will offer a “free gift” through a pop-up window asking the victim to confirm the transaction. When clicked, it delivers a malicious download including a file with malicious NFT, allowing fraudsters to communicate with the victim’s digital wallet and authorize cryptocurrency transfers from the victim to the fraudster.
In addition, Visa data indicates the first half of 2023 saw a 40% increase in enumeration attacks (“brute force” attacks where cybercriminals submit large amounts of user name-passwords.
“While we are pleased by the lower-than-expected fraud rate over the last few months, this edition of the Biannual Threats Report continues to underscore just how savvy fraudsters continue to be,” said Paul Fabara, chief risk officer at Visa.
[Read more: Verizon: Hackers put retail payment card data at risk]