Baddies of the internet: It's all about dodgy mobile apps, they're so hot right now

Rogue mobile apps have become the most common fraud attack vector, according to the latest quarterly edition of RSA Security's global fraud report.

Fraud from mobile browsers and mobile applications made up 71 per cent of total fraudulent transactions recorded (of approximately 402,000) in Q2 2018, compared to 61 per cent in Q2 2017.

RSA Security detected 9,185 rogue applications (compared to approximately 8,000 last quarter) which collectively accounted for 28 per cent of all fraudulent attacks recorded. Rogue apps can be anything from fake banking applications designed to capture authorisation codes to counterfeit mobile software that poses as either popular games or technology from a trusted consumer brand.

In the second quarter of 2018, RSA logged nearly 5.1 million unique compromised cards and card previews in underground cybercrime bazaars and from other sources. This represents a 60 per cent increase in cards recovered by RSA in the previous quarter.

Fraudsters are increasingly using burner devices and throwaway accounts to carry out bogus transactions. While just 0.4 per cent of legitimate payment transactions were attempted from a new account and new device, 27 per cent of the total value of fraudulent payments were made through new accounts and devices.

The average value of a fraudulent transaction in Europe was $392 (€346, £308), compared to $171 (€151, £134) for legitimate purchases. The average UK fraudulent transaction was valued at at a slightly lower $355 (€314, £280), compared to $193 (€171, £152) for legitimate transactions.

Phishing accounted for 41 per cent of all fraud attacks observed by RSA in Q2. Canada, the United States, and the Netherlands were the top three countries most targeted by phishers.

Fraud attack type distribution

The stats were gathered by RSA Security’s Fraud and Risk Intelligence unit, a team that works undercover to infiltrate cybercriminal groups, unearth fraud campaigns and track their proliferation. The intel is used by RSA for its managed threat services product. ®