Security Trends: Why Attackers Attack Non-Financial Accounts to Steal Money

    Hackers are becoming more and more inventive in trying to gain control over other people's financial information. According to a recent study by Javelin Strategy & Research, about 16.7 million people suffered fraudulent attacks and theft of personal information for financial fraud in 2017, and the total amount stolen amounted to more than $ 16.8 billion.

    At the same time, according to analysts, the behavior of cybercriminals has changed lately, and now, to steal money from Internet users, they attack accounts in services that, at first glance, are not related to finances.

    Changes in the actions of hackers

    According to Al Pasqual, senior vice president of the information security company Javelin, the popularity of various attacks changes over time and depends on how profitable they are for crackers. "For example, the advent of cards with chips caused a surge in fraudulent manipulations with credit cards in the online space, and illegal operations in ordinary stores have declined."

    One of the potentially dangerous trends is considered “fraud using a new account”. Under this scheme, thieves use social security numbers and other victim data they have obtained to break into non-financial accounts or open new accounts. Hackers then use fake accounts to gain access to the victim’s existing financial accounts. The number of such attacks over the past year has tripled:


    How it works

    As part of this attack, attackers collect as much data as possible about the victim. Information can be used that was intercepted when working with an unsecured Wi-Fi connection, passwords leaked as a result of hacking of large services, etc.

    Then, instead of trying to attack the victim’s bank account, hackers register new accounts in her name in popular online services and connect a compromised financial account to them as a means of payment.

    This tactic, despite its complexity, has several advantages for scammers. For example, transactions made in some online services are not immediately displayed in bank statements. In addition, such services usually have less advanced anti-fraud systems. This allows you to lull the vigilance of the bank - because when a hacker initiates a money transfer in this format, for the security system it looks as if the user transferred to himself.

    As a result, accounts such as Amazon or PayPal are increasingly being used for attacks such as new account fraud.


    How to protect yourself

    To avoid such troubles, users should independently take care of their own safety on the Internet. Use different and strong passwords in each of the services that offer paid services, as well as make transactions and share personal information on the Internet - these data can be used by attackers to conduct attacks.

    You can protect your data with two-factor authentication: it should be applied not only to financial accounts, but also to other personal accounts, as fraudsters are interested in collecting all possible information about their potential victim.

    James Chessen, Executive Vice President of the American Center for Banking Services for Payments and Cybersecurity, also recommends regularly checking your accounts and activating notifications of any new actions with them in order to be able to track potential fraud or identity theft in advance.

    Other materials on the topic of finance and stock market from ITI Capital :

    Also popular now: