RSA Security says that the number of fraudulent transactions originating from mobile devices is up 200% since 2015. In 2015 only 5% of fraudulent transactions originated from mobile; in 1st quarter 2018 it was 39%.
The volume of fraudulent transactions overall is up 680% and up by 63% since 1st quarter 2017.
On the other hand, you are safer on your desktop. Since 2015, the share of fraudulent transactions coming from desktops is down from 62% to 35%.
But bad guys are getting smarter too. 82% of observed fraudulent e-commerce transactions came from a new device and 32% came from a new account (like, maybe, yours) and a new device. Hackers need your account to launder the attack through.
If the dollars involved are large enough, the FBI or local police could come knocking on your door to “ask a few questions”.
Phishing is still popular, showing up in 48% of the fraud attacks.
And RSA recovered 3.1 million stolen credit cards off the dark web in 1Q 2018.
This means that if you use a cell phone, you are a target. That means pretty much everyone.
So what should you do?
Here is what RSA says:
Be very careful when downloading apps – the source, the permissions – assume the worst and work backwards from there.
Be careful about clicking – in text messages, in email or in social media. Even if you think it is coming from a “Friend”, BE CAREFUL!
Bad guys often make test purchases first – small ones. Most credit cards will send you a text message when a charge is made – turn that feature on. Watch out for those small transactions that are not yours.
Educate yourself and if you run a business unit, educate your people. These attacks tend to look very real. It is easy to fall for the bad guys.
For business devices, use mobile device management software such as Microsoft Intune, which requires users to register their device. This makes it much harder to steal credentials and use them someplace else.
Finally, use two-factor authentication. I know it is more work, but so is dealing with fraud.
If you are running an e-commerce site, up the defenses as well. YOU wind up paying for most of the fraud.
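For an e-commerce site, the signals in this post (a new device, a new account, a small test purchase followed by a larger charge) can feed a simple manual-review rule. The sketch below is an added example, not RSA's or Help Net Security's method; the thresholds, field names and sample transactions are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Thresholds are illustrative assumptions, not figures from the RSA report.
SMALL_TEST_AMOUNT = 5.00   # at or below this, a charge may be a "test" purchase
NEW_ACCOUNT_DAYS = 7       # accounts this young count as "new"
REVIEW_SCORE = 2           # two or more signals -> hold for manual review

@dataclass
class Txn:
    txn_id: str
    account: str
    account_age_days: int
    device_id: str
    card: str
    amount: float

def score_transactions(txns, known_devices):
    """Score time-ordered transactions; known_devices maps account -> device ids
    seen before this batch. Returns {txn_id: list of signals that fired}."""
    tested_cards = set()   # cards that took a small charge from an unknown device
    results = {}
    for t in txns:
        signals = []
        if t.device_id not in known_devices.get(t.account, set()):
            signals.append("new_device")
        if t.account_age_days <= NEW_ACCOUNT_DAYS:
            signals.append("new_account")
        if t.amount > SMALL_TEST_AMOUNT and t.card in tested_cards:
            signals.append("follows_small_test_charge")
        if t.amount <= SMALL_TEST_AMOUNT and "new_device" in signals:
            tested_cards.add(t.card)
        results[t.txn_id] = signals
    return results

def needs_review(results):
    """Transaction ids where enough signals fired to warrant a manual look."""
    return [tid for tid, sig in results.items() if len(sig) >= REVIEW_SCORE]

# Constructed sample data (not real transactions).
KNOWN = {"alice": {"alice-phone"}, "bob": {"bob-laptop"}}
SAMPLE = [
    Txn("t1", "alice", 900, "alice-phone", "card-1", 42.00),
    Txn("t2", "alice", 900, "unknown-1", "card-1", 1.00),
    Txn("t3", "alice", 900, "unknown-1", "card-1", 480.00),
    Txn("t4", "fresh", 1, "unknown-2", "card-2", 120.00),
    Txn("t5", "bob", 400, "bob-laptop", "card-3", 3.50),
]

if __name__ == "__main__":
    for tid, sig in score_transactions(SAMPLE, KNOWN).items():
        print(tid, sig)
```

A single signal, such as a long-standing customer on a new phone, does not trip the rule on its own; the rule holds a transaction only when signals stack up.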
Information for this post came from Help Net Security.