Swathes of freshly breached identity data means Cybercrime Christmas comes early for fraudsters targeting Black Friday shopping

  • The week of Black Friday is predicted to see largest number of cyberattacks on retailers to date
  • The week of 20th November is going to be ‘hit week’ as 50M global attacks expected across the peak shopping days
  • Billions in revenue at stake as retailers look to stop fraudsters, without adding onerous security checks and increasing abandonment rates
  • Intensified bot activity shows cybercriminals recruiting an army of ‘cyber elves’ in the run up to the biggest shopping period of the year
  • Identity has become the most valuable currency on the web as fraudsters harvest personal credentials from the large data breaches of 2017

Online retailers are expected to face enormous security challenges as they prepare for the biggest cybercriminal attacks to date. Early forecasts from retail analysts, including IMRG, have been predicting strong online sales during the 2017 Christmas shopping period, with a forecast that £20bn will be spent online during November and £7bn peak in online sales during the Black Friday spike. However, fraudsters have been busy preparing their armory and are expected to capitalise on this enormous amount of online spending in the run up to and surrounding Black Friday and Cyber Monday.

ThreatMetrix®, The Digital Identity Company®, which monitors and protects more than 24 billion online transactions each year, today reveals data that demonstrates online fraudsters have been gearing up for the festive period. By recruiting armies of fraudsters and developing new, sophisticated cybercrime techniques, they are expected to exploit the busiest online shopping period of the year. More than 50 million attacks will target businesses during the week of 20th November. With the average ticket size of fraudulent transactions being two-times that of a good transaction, these attacks represent a significant potential loss in revenue.

UK and European retailers in particular are being warned to be extra vigilant as these regions have become a hotbed of cybercrime, with online transactions 63 percent more likely to be fraudulent than in North America. The UK, France and Germany have consistently appeared on the “top 5 attack originator” list during the peak shopping period of Q4 (both in 2015 and 2016), and 2017 is expected to be no exception. ThreatMetrix estimates that approximately 50 million attacks will originate from these three countries in total this quarter. Around 15 million of these attacks will happen during the peak shopping period.

ThreatMetrix data demonstrates that some of the largest, high-profile data breaches across 2017 have caused significant spikes in the trading of personal identity data on the dark web, helping the preparations for a big ‘hit’ over the Christmas shopping period. Retailers preparing for this crunch period need a sophisticated way to recognise true customer digital identity versus fraudsters posing as individuals using stolen data.

Vanita Pandey, vice president of product marketing and strategy at ThreatMetrix comments, “Cybercrime continues to grow, with organisations being attacked more than ever before, fueled in large part by the proliferation of data breaches that continue to provide fresh identity data to exploit. Fraudsters are acting with haste, before data breaches are disclosed publicly, to test stolen credentials with a view to perpetrate large-volume attacks on digital businesses. In just the past 90 days alone, the ThreatMetrix Digital Identity Network detected 171 million attacks, which is a 32 percent increase since the beginning on 2017.”

The Creation of a Christmas Bot Army:

Bot activity has significantly intensified in the second half of this year across the ThreatMetrix Digital Identity Network®, as fresh data has been made available due to the recent major breaches. In the same way that retailers are bringing on supply staff to cover this busy shopping period, cybercriminals are creating armies of automated cyber robots (bots) to carry out large-scale attacks on businesses.

“We predict that the top retailers will sustain heightened attacks from bot operators, looking to test personal accounts. Over the next week, we are expecting approximately 5 to 8 million daily identity testing attacks,” Pandey continues. “By analyzing our most recent data, we can see that the scale of eCommerce attacks in the final quarter of 2017 is likely to surpass the entire attack number for all industries – including banking and media – during Q4 2016.”

In just the past 90 days:

  • 171 million attacks were registered this last quarter; around a 100-percent increase over Q3 2015
  • New account registrations are twice as likely to be fraudulent than trusted payments
    • Identity data has replaced credit card data as the key target for cybercriminals for long-term gain
  • 450 million bot attacks were recorded, with the majority focused on initial identity tests as well as automated attacks.
  • The EMEA region is a hotbed of cybercrime, with transactions 63 percent more likely to be an attack than in North America
  • Brazil emerged as one of the top attack originators, especially for new account origination attacks.

Coming at a time when millions of consumers are concerned about the downstream effects of major breaches, the Q3 Cybercrime Report examines attack patterns, which show increasingly dramatic spikes that can be correlated to high-profile data breaches.

ThreatMetrix Q3 2017 Cybercrime Report – download now

About the ThreatMetrix Q3 2017 Cybercrime Report

The ThreatMetrix Q3 Cybercrime Report is based on actual cybercrime attacks from July to September 2017 that were detected by the ThreatMetrix Digital Identity Network during real-time analysis and interdiction of fraudulent online payments, logins and new account applications.

About ThreatMetrix

ThreatMetrix®, The Digital Identity Company®, operates a global shared intelligence network to differentiate trusted customers from fraudsters. The ThreatMetrix Digital Identity Network® recognizes behavior and identities across 4.5 billion unique devices from 1.4 billion anonymized users worldwide. More than 5,000 businesses rely on ThreatMetrix as their decision engine to deliver a frictionless digital customer experience across all online transactions for increased profitability and security.

ThreatMetrix is recognized as the sole Leader in the 2017 Forrester WaveTM for risk-based authentication. Learn more at www.threatmetrix.com.

© 2017 ThreatMetrix. All rights reserved. ThreatMetrix and the ThreatMetrix logo are trademarks or registered trademarks of ThreatMetrix in the United States and other countries. All other brand, service or product names are trademarks or registered trademarks of their respective companies or owners.

For ThreatMetrixSophie BrownTel: +44 (0)7919 095 793Email: sophiebcomms@gmail.comorCourtney AustinTel: +44 (0)7554 495 218Email: caustin@threatmetrix.com