This Week: Rising Fraud, and Cute But Dangerous

Next: This Week: Steep Discounts and Limited Loyalty
Previous: Excuse Me, Could I Borrow Your W-2?
Cute toys plus an internet connection can spell disaster.
March 03, 2017

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

This week we saw that information security threats are still on the rise, and can appear in ways we don’t expect. New reports show that online fraud was on the rise in 2016 as retailers have continued to support EMV credit cards in their stores. A children’s toy raised further concerns about the security of IoT devices, while some interesting Android malware raised eyebrows.

Online Fraud on the Rise

New research from Forter and Merchant Risk Council reveals that (perhaps unsurprisingly) online fraud expanded by 8.9% in 2016.

And while no industry left 2016 completely unscathed, some suffered more than others; attacks against clothing apparel and food delivery companies increased significantly in 2016, with 69.9% and 49.8% rises respectively.

Researchers and retailers are quick to point to the spread of EMV (“chip”) payment cards, which feature a token-based chip that makes it more difficult to steal and duplicate card data, as the likely cause for the surge in online fraud.  

The carding shops across the dark web that peddle stolen credit cards by the thousands, though, may be the sort of catalyst which makes e-commerce fraud surpass traditional forms of retail fraud.

By providing unfettered and anonymous access to others’ personal and financial information, fraudsters will no longer need to risk conning the cashier. These illicit markets enable scammers to open phony bank accounts, make calculated purchases, and collect their profits, all without leaving the comfort of home.

Cute, Cuddly, Concerning

A data breach impacting more than 800,000 customers of CloudPets, a toy company that makes a stuffed animal that sends voice messages from parents to children, raised concerns about hackers gaining unauthorized access to voice recordings. Although parent company Spiral Toys said that none of the recordings were stolen, hackers appeared to have accessed email addresses and hashed passwords.

One more thing: Confused Hackers

Researchers recently discovered 132 mobile apps in the Google Play store that intended to infect unsuspecting users with Windows malware. Yes, you read that correctly. Needless to say, the malware did not work. If anyone’s keeping a list of funny malware fails, add this to it, though it was most likely the result of app developers using previously-infected machines, which infected the files without their knowledge as they built and distributed their apps.

RELATED ARTICLES
analysis March 20, 2019
Trends and Projections: Shifting Law Enforcement

For the first post in the Trends and Projections series, we unpack the increased law enforcement attention toward cyber-enabled fraud and the shift in resources allocated to taking down dark web communities trading compromised...

analysis January 24, 2019
Collection #1: Why You Should Care but Not Panic

January is not yet over and 2019 has already brought us the second biggest collection of stolen data in history. Unlike traditional data breaches, Collection #1 is actually a massive collection of smaller credential...