Security Trends: why attackers attack non-financial accounts to steal money

Hackers are becoming more and more inventive in an attempt to seize someone else's financial information. According to a recent study by Javelin Strategy & Research, about 16.7 million people have been subjected to fraudulent attacks and theft of personal information for financial fraud in 2017, and the total amount stolen was more than $ 16.8 billion.

At the same time, according to analysts, the behavior of intruders has recently changed, and now to steal money from Internet users, they attack accounts in services that, at first glance, are not related to finance.
')

Changes in hacker actions

According to Al Pascual, senior vice president of the security company Javelin, the popularity of various attacks changes over time and depends on how profitable they are for hackers. "For example, the emergence of cards with chips caused a surge in fraudulent manipulation of credit cards in the online space, and illegal operations in regular stores declined."

One of the potentially dangerous trends is "fraud with a new account." Under this scheme, thieves use social security numbers and other victimized data they have obtained to hack non-financial accounts or open new accounts. The hackers then use fake accounts to access the victim’s existing financial accounts. The number of such attacks over the past year has tripled:

How it works

As part of this attack, attackers collect as much data as possible about the victim. Information intercepted when working with an unsecured Wi-Fi connection, passwords leaked as a result of hacking of large services, etc. can be used.

Then, instead of trying to attack the victim’s bank account, hackers register new accounts in her name in popular online services and connect a compromised financial account to them as a means of payment.

This tactic, despite its complexity, has several advantages for fraudsters. For example, transactions made in some online services are not immediately displayed in bank statements. In addition, such services usually have less advanced antifraud systems. This allows us to put down the vigilance of the bank - after all, when a hacker initiates a money transfer in such a format, for the security system it looks as if the user was translating to himself.

As a result, accounts for resources like Amazon or PayPal are increasingly being used for attacks like new account fraud.

How to protect

To avoid such troubles, users should take care of their own security on the Internet. Use different and strong passwords in each of the services offering paid services, as well as with caution to make transactions and share personal information on the Internet - this data can be used by attackers to conduct attacks.

You can protect your data using two-factor authentication: it should be applied not only to financial accounts, but also to other personal accounts, as fraudsters are interested in collecting all possible information about their potential victim.

James Chessen, executive vice president of the American Banking Services Center for Payments and Cybersecurity, also recommends that you regularly check your accounts and include notifications of any new actions with them, in order to be able to track potential fraud or identity theft in advance.

Other materials on finance and stock market from ITI Capital :

• ITI Capital Educational Resources
• Analytics and market reviews
• How the use of the word “blockchain” allows companies to increase capitalization
• How will be organized trading in Bitcoin futures on the Chicago Stock Exchange
• What to do on holidays: write robots for trading on the exchange in the scripting language TradeScript
• Where it is more profitable to buy currency: banks vs exchange