YOU CAN'T AFFORD FAKE ACCOUNTS. NOW, NEITHER CAN THE FRAUDSTERS. Fraud Report

Transcription

1 YOU CAN'T AFFORD FAKE ACCOUNTS. NOW, NEITHER CAN THE FRAUDSTERS. Fraud Report

2 Fake Accounts and the Black Market There s a thriving black market for fake accounts on the internet. Fake accounts are accounts created in bulk using phony information (name, , address, etc.) simply for the purpose of abusing good users online. Almost any type of fake account can be purchased: , blogging, social networking, auction/classifieds, etc. Fraudsters use these fake accounts for various forms of nefarious activities, including spamming, phishing attempts, affiliate fraud, and ecommerce fraud, but their primary motivation is money. As the equation shows, it s a simple numbers game. The more people fraudsters and spammers reach, the more likely they are to increase profits. If they really go for it, some of them can make a six-figure salary in just a few months. Fraud/Spam Profit Equation: (X)= No of people who see a scam/offer (Y)= % of people who act on the scam/offer (Z)= Money made per conversion So (X) x (Y) x (Z) = Profit Assuming a small payout of just $1 per victim: (X=10,000 people) x (Y=1% conversion) x (Z=$1 per conversion) = $100 (X=10,000,000 people) x (Y=1% conversion) x (Z=$1 per conversion) = $100,000 On average, 8.7% of social media accounts are fake. Phone Numbers and Fake Accounts When you dig into the data, fraudulent transitions rarely look like good transactions because: To make money, scale is usually necessary To scale, fraudsters need to automate To automate, they need a repeatable process Some variables in a repeatable process can be easily randomized. Name, address, address, mother's maiden name and birthday can be randomly generated by products such as FakeNameGenerator. It is pretty simple to get through verification but the phone introduces interesting factors that are hard to fake and leave a data trail.

3 Unique Phone Number properties Valid phones must fit into each country s numbering space They must be allocated by a numbering authority; they cannot be created from nothing A valid mobile number must terminate to a (generally relatively expensive) mobile device Mobile devices are usually unique to a person These properties make randomization of the data very difficult. Attempts to automatically create accounts on a massive level produce interesting traffic anomalies and provide insight into current fraud hotspots around the world. This report will demonstrate locations, traffic patterns, and anomalies to be on the watch for and will show the results of effective traffic monitoring and fraud interception. Telecom Fraud Hotspots International revenue share fraud (IRSF) is one of the telecom industries most persistent problems. During this type of attack, fraudsters obtain phone numbers that pay them a small amount for each inbound call generated to the number (similar to 900 numbers found in the US). Fraudsters then find ways to pump as many calls as possible to these phones, generating income for themselves. If this type of traffic is not caught and shut down, the cost to the caller which can be a website, a user with a compromised handset, a company with a compromised PBX, etc. can be enormous. Leading hotspots for telecom-related fraud include Pakistan, Latvia, Guinea, Sierra Leone, Congo, Somalia, Albania, Taiwan, Estonia, and Azerbaijan. Fraudulent traffic is sent to Pakistan 2X more than the Congo or Sierra Leone, and it is 4X as high as traffic in Latvia or Taiwan. Estonia Latvia Albania Guinea Sierra Leone Somalia Pakistan Azerbaijan Taiwan Legend - hot spots Congo

4 Web Fraud Hotspots Thailand, Brazil, Colombia, Ecuador, Egypt, Ghana, and Indonesia are currently producing significantly higher than average volumes of attacks on large web properties. These attacks include attempts to create millions of fake accounts, attempts to take over accounts, and account fraud. Thailand and Brazil are currently leading the pack in terms of attack volume, with each seeing about 7x more attack attempts than the next most popular country. In fact Latin America leads the world in attempted web fraud with 14x as many fraud attempts. Egypt is the second most common place to see fake accounts and Indonesia, Thailand, and Ghana see 5x the normal average of fake accounts. Web fraud attempts are 14% higher in Latin America than anywhere else in the world. Colombia Indonesia Equador Brazil Ghana Egypt Thailand Legend - hot spots

5 Automated Attacks: Traffic Spikes Automated attacks occur when a script or program is used to send automated requests to a website or telecom network. Fraudsters use automated attacks to create thousands of accounts, make purchases, send malware, send premium rate SMS, etc. Companies must be able to detect abnormal patterns in global delivery of SMS and voice traffic. This graph shows an example of an anomalous spike in traffic during an automated attack. The unusual spike in traffic early in the morning was unusual for this region. The 30+% spike in traffic was detected and shut down. Call Volume 30+% traffic spike in early morning hours indicate fraud. Minutes of the day

6 Automated Attacks: Phone Number Anomalies This is another example of abnormal behavior that indicates an automated attack. In this case, fraudsters attempted to use one phone number to create 230+ accounts in less than 24 hours. If the accounts had successfully been opened, they would have been used by the fraudster for spamming, phishing, or some similar undesirable activity. Attacks like this can occur so quickly with fraudsters attempting to create more than one account per second in some cases that they can be difficult to detect on a distributed network. It s only when someone is looking across a network that these attempts can be caught Number appearance frequency One phone was used to open 230+ accounts in less than 24 hours. 0 Minutes of the day

7 Phone Numbers Drive Fraudster Cost Up No phone verification No phone verification Phone verification required BEST SELLING 1000 Accounts $25 per order BEST SELLING 1000 Accounts $50 per order Bronze 5 Phone Numbers $69 $39 Service provider that phone verifies new accounts Faster Delivery Faster Delivery Verified US Forwarding Phone Numbers Verified Accounts Money Back Guarentee Verified Accounts Money Back Guarentee Forwarding for 90 days and 25 mins. Incoming calls Excel/Notepad Report Excel/Notepad Report 72 Hrs Delivery 24x7 Customer Support 24x7 Customer Support Numbers for Voice Verify Personal Accounts Order Now Order Now Buy Now Customer A = $ 0.025/acct Customer B = $ 0.05/acct Customer C = $ 7.80/acct For websites, keeping fake accounts off of their ecosystem is critical. One effective way for websites to block the creation of fake accounts is to require users to attach a verified phone number to each account. Requiring phone verification during account creation significantly slows the rate at which fraudsters can create fake accounts and increases the fraudster s cost for each account created. Typically, phone verified accounts cost at least 160x more on the black market than accounts that are not phone verified. Phone verified black market accounts are 160x more expensive.

8 Conclusion Phone-based verification is the standard for large digital companies to protect global users and secure hundreds of thousands of accounts. When implemented properly, it is a low friction way to assign a unique identity to every account. This step protects the user experience by keeping spam and malicious content out of the ecosystem and provides vital account protection. But, as this report shows, it is not enough to plug in voice and SMS functionality. Fraudsters evolve and they are persistently looking for ways to circumvent security. The unique properties that make the phone such a great tool for identifying users also reveal telltale trends in the data. Phone-based verification is one of the best ways to protect a globally distributed user base. But, you must use a security-minded provider that rigorously monitors large volumes of traffic and shuts down harmful traffic. About TeleSign Every second, of every day, TeleSign protects the world's largest Internet, mobile app, and cloud properties by establishing and verifying Mobile Identity. TeleSign's Mobile Identity platform gives digital businesses the ability to connect a unique identity with every account to verify new registrations and authenticate existing users. TeleSign created Mobile Identity to help businesses preserve their ecosystem by detecting a suspicious user before account creation, and to better protect their existing user base from account compromise. TeleSign is trusted by the world's largest companies and protects 2.5 billion accounts in more than 200 countries and in 87 languages. Corporate Headquarters 4136 Del Rey Avenue Marina del Rey, CA USA Direct Dial: Toll Free: telesign.com Sunnyvale, CA 111 W. Evelyn Ave. Suite 117 Sunnyvale, CA USA TeleSign EMEA 2nd Floor Kingsgate House 115 High Holborn London, WC1V 6JJ United Kingdom London Direct Dial: +44 (0) TeleSign Mobile Novi Beograd Trešnjinog cveta 1 Srbija