This Week: Rising Fraud, and Cute But Dangerous

Next: This Week: Steep Discounts and Limited Loyalty
Previous: Excuse Me, Could I Borrow Your W-2?
Cute toys plus an internet connection can spell disaster.
March 03, 2017

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

This week we saw that information security threats are still on the rise, and can appear in ways we don’t expect. New reports show that online fraud was on the rise in 2016 as retailers have continued to support EMV credit cards in their stores. A children’s toy raised further concerns about the security of IoT devices, while some interesting Android malware raised eyebrows.

Online Fraud on the Rise

New research from Forter and Merchant Risk Council reveals that (perhaps unsurprisingly) online fraud expanded by 8.9% in 2016.

And while no industry left 2016 completely unscathed, some suffered more than others; attacks against clothing apparel and food delivery companies increased significantly in 2016, with 69.9% and 49.8% rises respectively.

Researchers and retailers are quick to point to the spread of EMV (“chip”) payment cards, which feature a token-based chip that makes it more difficult to steal and duplicate card data, as the likely cause for the surge in online fraud.  

The carding shops across the dark web that peddle stolen credit cards by the thousands, though, may be the sort of catalyst which makes e-commerce fraud surpass traditional forms of retail fraud.

By providing unfettered and anonymous access to others’ personal and financial information, fraudsters will no longer need to risk conning the cashier. These illicit markets enable scammers to open phony bank accounts, make calculated purchases, and collect their profits, all without leaving the comfort of home.

Cute, Cuddly, Concerning

A data breach impacting more than 800,000 customers of CloudPets, a toy company that makes a stuffed animal that sends voice messages from parents to children, raised concerns about hackers gaining unauthorized access to voice recordings. Although parent company Spiral Toys said that none of the recordings were stolen, hackers appeared to have accessed email addresses and hashed passwords.

One more thing: Confused Hackers

Researchers recently discovered 132 mobile apps in the Google Play store that intended to infect unsuspecting users with Windows malware. Yes, you read that correctly. Needless to say, the malware did not work. If anyone’s keeping a list of funny malware fails, add this to it, though it was most likely the result of app developers using previously-infected machines, which infected the files without their knowledge as they built and distributed their apps.

RELATED ARTICLES
analysis January 08, 2019
New Commodities, New Consequences: Child Data on the Dark Web

analysis December 06, 2018
The Year Ahead: Developments in the Dark Web Data Trade

Sensitive data had a very bad year in 2018—and the year isn’t over yet. With the increase of large-scale breaches, what drives the underground economy for data on dark web markets? How will that...