Scam eCommerce sites became a major threat in 2024
A new report from Recorded Future's Inskit Group looks at the emerging and evolving key fraud threats in the payments industry.
It identifies nearly 1,200 scam website domains linked to networks of scam merchant accounts. Most of the scam merchant accounts discovered were registered in the United Kingdom and Hong Kong, and scam tactics, techniques, and procedures (TTPs) grew more subtle and sophisticated throughout the year.
Magecart skimmers also became a more prominent threat partly thanks to e-skimmer kits that lower technical barriers for threat actors, and the continuing development of Magecart (TTPs). 67 eCommerce websites using a US-based platform catering to jewelry retailers were infected with Magecart e-skimmers as of July 2024.
Restaurants remained prominent among breach sources, and the research highlights the outsize impact that platform breaches have on the eCommerce industry. A US-based eCommerce platform catering to restaurants was likely compromised in late 2024. Magecart threat actors injected an e-skimmer infection into a file hosted on the platform's content delivery network, indicating that all restaurants using the platform were highly likely to have been impacted by the breach. At the same time, breaches at fashion stores became increasingly common, a trend largely driven by the increasing volume of scam websites.
The report calls defending against these attacks the 'Castle Dilemma'. Cyber threat intelligence (CTI) teams and their partner cybersecurity assets are superbly equipped to protect their
institution -- the castle -- from direct attacks, but CTI teams encounter challenges enabling anti-fraud teams to protect customers.
The availability of victim card and cardholder data surged in 2024, with 269 million card records posted on dark web and clear web sources. This is especially true of for-sale card data on dark web marketplaces, with 70 million more card records published for sale compared to 2023.
The report's authors conclude, "Evolution is expected in any criminal threat landscape, and fraud is no exception. As emerging technologies and investigation flows drive improved anti-fraud systems, threat actors probe financial institutions' defenses for weaknesses that can be exploited to defraud victims. It is, therefore, unsurprising that as financial institutions and other organizations adopt cooperative CTI–fraud fusion strategies to overcome the Castle Dilemma, threat actors increasingly turn to their own 'dark-side' fusion strategies to conduct fraud. While trends this year are somewhat superficial against the ever-shifting backdrop of the cyber-enabled fraud landscape -- which is itself influenced by constantly changing technological, economic, and regulatory factors -- threat actors' ability to adopt security and convenience mechanisms as fraud mechanisms in 2024 nevertheless portends challenges to come."
You can get the report from the Recorded Future site.
Image credit: ronstik/depositphotos.com