Data breaches lead to surge of spoofing attacks

The number of attacks on businesses is trending up as crimeware tools gain traction providing tools to fraudsters to automate cybercrime attacks leveraging the customer data made available from breaches.

During Q4 2014 and Q1 2015, ThreatMetrix analyzed more than six billion transactions, with nearly one-third originating from mobile devices.


An increasing amount of traffic is cloaked. This is especially true for new account creations wherein the fraudsters use stolen identities with these tools to defraud businesses. Mobile fraud also proliferates as more users carry out transactions on their devices.

Impersonation or spoofing attacks are now the most common threat, and ThreatMetrix identified more than 11.4 million fraud attempts during peak holiday shopping.

Nick Cook, Chief Innovations Officer at Intercede, comments the findings for Help Net Security: “One of the most pressing challenges facing m-commerce providers is to ensure financial applications, along with information used by and transmitted from them, are fully protected against mobile fraud threats such as spoofing. However, one of the simplest ways to protect against these mobile security threats is already sitting inside many handsets. An incredibly effective way of protecting sensitive Android applications and their activities is to load the app in the completely secure Trusted Execution Environment (TEE) via a Trusted Application Management (TAM) service.”

Despite the global nature of cybercrime, the majority of attacks originate in the countries with high online and mobile volume. The majority of attacks originated from and targeted the same country. Top 5 attack originations and target countries were:

  • Canada
  • United States
  • France
  • United Kingdom
  • Germany.

While new account creation rates were lower than other transaction types, they had a two times higher instance of fraudulent transactions driven by the availability of stolen identities in the wild from massive breaches.

While online banking authentication transactions continue to dominate the financial services industry, the payment transactions increased during this period driven by the increasing adoption of alternate payment methods and bankcard authentication solutions, and increase in online money gifting during the holiday season.


The impact of breaches and consumer credentials in the wild is more evident in the financial services industry, with a substantial increase in fraud rates across all transaction types.

Financial services transactions broken down consist of the following percentages and risks:

  • One percent of transactions were account creation, with 2 percent high risk
  • 76 percent of transactions were account logins, with 2.6 percent high risk
  • 23 percent of transactions were payments, with 3.2 percent high risk.

Cybercriminals are increasingly exploiting people. They’re making transactions while impersonating individuals whose personal details have been exposed in data breaches.


The bar charts represent percentage of total transactions that were recognized at attacks

In both the e-commerce and financial services industries, businesses must prepare for the growth of new in-store technologies such as Europay-MasterCard-Visa (EMV) and Apple Pay with the wide adoption of the Apple Watch and other connected devices (IoT). As these technologies cut down point-of-sale fraud, the attacks will move to the online channel.