A new report from Outseer has found that cybercriminals are increasingly turning to brand abuse to leverage attacks.
The Outseer FraudAction team compiled the report based on the 49,000 attacks they tracked throughout Q2 of 2021.
Armen Najarian, Outseer’s chief identity officer, told ZDNet that nearly half of the 49,000 cases Outseer detected in Q2 involved cybercriminals spoofing digital content and experiences, like a fake social media profile, a rogue mobile app or a spoofed website.
“Bad actors impersonate credible brands this way to harvest consumer log-in credentials or personal data. As brands continue to accelerate their own digital transformation and as consumer data becomes more valuable, we predict brand abuse attacks will continue to increase,” Najarian said.
Outseer said that for the third quarter in a row, brand abuse attacks were the most common attack vector detected.
Outseer also found that the US continues to be the top hosting country for phishing attacks, holding on to the title since 2017. The US accounts for more than 72% of ISPs hosting these types of attacks, according to the report.
Outseer attributed the trend to the handful of large-scale “hosting authorities,” whose sheer size makes it easier for fraudulent activity to go undetected.
But people and companies in the US are also the second largest target for phishing attacks after South Africa, which made it to the top of the list due to the 24 million people impacted by the Experian data breach.
Najarian noted that app stores are rife with rogue apps designed to steal from unwitting consumers and said there has been a rise in the number of apps appearing in legitimate marketplaces and stores.
“These fake apps, many of which pose as banking apps, infect users’ systems with malware if downloaded. We’ve seen 66% more of these rogue apps compared to last quarter, and 140% more compared to this same time last year,” Najarian said.
In Q2 2021, Outseer researchers said they detected 140% more rogue banking apps compared to the same time frame last year, an increase of 66%.
For the third quarter in a row, mobile banking is the dominant channel for attacks: 70% of fraudulent transactions in digital banking originated in mobile channels in Q2.
The company also managed to recover more than 4.5 million unique compromised cards and card previews from online card stores and fraud communication channels in the quarter.
“The pandemic will continue to drive even more digital commerce or various flavors conducted from both desktop environments and increasingly from mobile devices. The increase in digital transactions equates to an increase in vulnerability, and fraud actors will continue to seek access to our personal information if fraud prevention solutions, 3-D Secure and risk-based authentication tools, are not implemented,” Najarian said.
“It’s more urgent now than ever for businesses to protect their brands, and to protect their customers from these dangerous attacks, particularly as we approach the holiday shopping season.”