27/11/2024
LONDON — With Black Friday and Cyber Monday around the corner, experts are warning consumers to be extra vigilant as fraudsters look to target busy shoppers with sophisticated account takeover attacks during the festive shopping period.
The 2023 Black Friday and Cyber Monday week saw online shopping transactions soar by a third (33%) compared to a normal week – down slightly from a 36% surge in 2022 – with shoppers using the more secure mobile device route for 80% of transactions, according to analysis by global data firm, LexisNexis® Risk Solutions.
It also reveals that fraudsters targeted shoppers with personal account detail change and password reset attacks – both forms of account takeover fraud – throughout the extended holiday period from 23 November to 31 December 2023.
Transactional analysis during that period suggests that one in six (16%) instances of information being altered in an online retail account was a fraudster changing a victims’ personal account details. Attacks of this nature rose 232% globally in 2023 with most originating in the UK, according to the annual Cybercrime Report published by LexisNexis Risk Solutions.
It also indicates that one in seven (13%) password reset attempts made during the festive period could be an attack as opposed to being the genuine account holder. A 421% year-on-year growth rate in attacks indicates UK consumers now face 70,000 password reset attacks each week, equivalent to seven per minute.
In both types of attacks, criminals aim to take control of victims’ online accounts by changing passwords and other personal information, such as email address and phone number, to steal funds or make high-value purchases while locking the victim out.
Around one in 10 UK fraud attacks is an account takeover attempt and is fuelled largely by phishing and smishing campaigns. Fraudsters often automate attacks using sophisticated bots to test stolen login credentials at high speed and volume on multiple sites at once. Bot use rose 61% for detail change attacks and 870% in password reset attacks in 2023, the data shows.
“The public should remain extra vigilant this shopping season and think twice before clicking on any link they receive in an email or text message claiming to be from a genuine company,” says Rob Woods, a fraud and identity expert at LexisNexis Risk Solutions.
“Well orchestrated criminal networks are now using sophisticated bots to operate fraud attacks on an industrial scale and employ latest generative AI technology to create highly convincing scam messages to dupe people into giving up their login details. Once they have those, it’s relatively straightforward to take full control of an account and cause havoc. Switching on extra security measures such as two factor authentication where available as well as utilising the security measures built into mobile apps are easy and yet highly effective ways for people to protect themselves from these malevolent account takeover attacks.”
LexisNexis® Risk Solutions harnesses the power of data, sophisticated analytics platforms and technology solutions to provide insights that help businesses across multiple industries and governmental entities reduce risk and improve decisions to benefit people around the globe. Headquartered in metro Atlanta, Georgia, we have offices throughout the world and are part of RELX (LSE: REL/NYSE: RELX), a global provider of information-based analytics and decision tools for professional and business customers. For more information, please visit LexisNexis Risk Solutions and RELX.
Media Contacts