Peer to Peer sites targeted by cyber-criminals

ThreatMetrix's new cyber-crime report shows cyber-criminals hitting P2P sites with fraudulent accounts created with stolen names and changing their tactics, season on season

The activity of cyber- criminals often mutates with the passage of the seasons (credit: Mauro Bieg via Wikimedia Commons)
The activity of cyber- criminals often mutates with the passage of the seasons (credit: Mauro Bieg via Wikimedia Commons)

Peer to Peer (P2P) sites are increasingly straying into the crosshairs of cyber-criminals, according to a new report.

The report, published by ThreatMetrix, covers the second quarter of 2016.

Of course, cyber-criminals naturally gravitate towards places they can make money and P2P marketplaces are more popular than ever.

Using the millions of identities that have piled up from major breaches over the years, cyber-criminals can easily open accounts under assumed names and use those ghostly identities to not only rob using the stolen names, but the victims of those false accounts.

The media industry in particular saw a 350 percent increase in new account fraud on the same period last year.  This is not going unrecognised as, according to ThreatMetrix's data, more than 10 percent of account creations in Europe are rejected.

Many P2P sites tend to have lower entry requirements, making fraudulent account creation a relative cinch.  Rebekah Moody, spokesperson for ThreatMetrix, told SCMagazineUK.com that considering that the P2P space relies on alternate data elements to validate identities, setting up such accounts can be a good deal for cyber-criminals: “More and more fraudsters are creating these accounts to build the profiles of synthetic identity credentials that they are cultivating. This is why being able to use digital identity intelligence is so important – it can detect fraudsters setting up multiple listings from the same device, or unusual behaviour on a trusted user account.”

On a holiday site, for example, a fraudster could create false listings to cheatcustomers into booking non-existent plane tickets. Perhaps even more sinister, a cyber-criminal could hijack a normal listing and divert transactions right into their pocket.

The second major development the report mentions is a large uptick in fraud just before the summer holidays.  A ThreatMetrix statement notes, “As many Brits planned for their summer breaks and holidays in the sun, review sites and other media platforms have become a major target amongst cyber-criminals over the last 90 days.”

Perhaps predictably,  conmen jump into action during periods of high traffic as it provides them not only with a large pool to steal from, but opportunities to hide amongst the oceans of data flowing back and forth. This season, people are booking holidays, so it makes sense to go where the action is.

Secondly, added Moody “fraudsters are continually trying to blend in with good transactions and as such they change tactics to confuse the businesses and exploit any loopholes that arise: this is another key reason why we see the seasonal peaks and troughs of fraud activity.”

Ben Johnson, chief security strategist for Carbon Black gave SC a rationale for these changes: “Cyber-criminals are increasing their breadth and depth of sophistication and types of campaigns because they are having success.  Related to that, more actors are jumping into the game because they see how lucrative it can be.”

Johnson added, “as consumers and businesses shift to new methods for transmitting data, exchanging payments, and conducting their everyday tasks, the criminals will follow.  The challenge here is that the technology is moving faster than humans can keep up.  New adopters of various types of payment systems or file-transmission services, for example, often don't fully understand how they work.”

Sign up to our newsletters