
Fraud via rogue apps exploded by 300 percent in just a few months

Published: 28 May 2019 | Source: ACFE website

by Jeff Stone

Digital scammers are stealing victims’ personal information in new ways, preferring rogue mobile applications and account takeover attacks after a generation of using phishing as their primary hacking technique.

Fraud attacks from rogue mobile applications increased by more than 300 percent, up to 41,313 incidents in the first quarter of this year from 10,390 events in the fourth quarter of last year. The figure represents 50 percent of the attacks detected in a fraud report released Wednesday by RSA, with phishing attacks making up 29 percent, trojan horses at 12 percent and brand abuse at 9 percent. Phishing attacks increased by less than 1 percent from one quarter to the next.

That jump in rogue apps coincides with an uptick in research from other security companies reporting malware that steals victims’ information by appearing as legitimate programs. VidMate, an Android app that allowed users to download videos from services like YouTube and WhatsApp, actually defrauded people by secretly subscribing them to paid services, BuzzFeed reported. Others, like Flappy Birr Dog and Flappy Bird, stole data from more than 100,000 people before their discovery by TrendMicro in January.

“The popularity of apps serves as an incentive for cybercriminals to continue developing campaigns that utilize them to steal information or perform other kinds of attacks,” researchers said earlier this year.

The number of fraudulent transactions where a card was not present (CNP) jumped by 17 percent in the last quarter, with most of those occurring via mobile. The average value of a fraudulent CNP transaction in North America was $403, compared with the average $213 value of a genuine transaction, according to RSA. Last year marked the first time financial institutions uncovered more instances of CNP fraud than fraud in which a card was physically involved, Verizon previously found.

“The average value of a fraudulent transaction will likely always be higher than that of a genuine transaction, since fraudsters regularly use stolen credit cards to make quick, high-value purchases because these goods are easy to resell for a profit,” the RSA report said.

Hackers also are utilizing websites known as account checker studios, in RSA’s parlance, to verify whether they can use stolen usernames and passwords to access information about the same victim on other websites. Sites like Sentry MBA and SNIPR are the traditional repositories where thieves can test their credentials against popular services like Netflix, Spotify, or video games like Fortnite, but they’re also well known among fraud investigators.

By developing smaller, unique sites that can facilitate credential stuffing attacks on specialized niche pages, as RSA has discovered, scammers can avoid detection while also remaining competitive with anti-fraud measures.

“If in the past a fraudster committed e-commerce fraud by using a compromised credit card and the ‘guest checkout’ option, today many use account takeover fraud of existing customer accounts in order to reduce the risk of being flagged for fraud,” the report found. “Also, many of the accounts are used as infrastructure for further defrauding individuals and organizations. For example, compromised accounts for dating sites are used for romance scams, while compromised accounts of registrars and hosting companies are used to set up phishing websites.”


More specialized account checker studios can help more hackers automate their attacks, RSA predicted, leading to more breaches like the kinds that have haunted Dunkin’ Donuts, HSBC bank and others.

