Rogue Mobile Apps Leading Global Rise in Fraud, RSA Reports

RSA has released its second-quarter 2018 fraud report, finding increasing risks from mobile apps and devices.

RSA fraud

RSA released its second-quarter 2018 fraud report on Aug. 14, finding that once again phishing attacks are the primary attack vector for fraud.

The 15-page report covers the period from April 1 to June 30 and is based on data collected by the RSA Fraud and Risk Intelligence team. Among the top trends identified in the report is that phishing accounted for 41 percent of all fraud attacks seen by RSA in the second quarter.

Also of note in the report is the finding that 28 percent of fraud in the second quarter was attributed to some form of mobile application. During the quarter, RSA also detected 9,185 rogue apps.

RSA defines rogue apps in a number of ways, including fake and lookalike applications that aim to deceive users by thinking they are associated with or built by a legitimate, trusted brand. 

RSA noted that the rogue applications are similar in nature to phishing emails, but rather than tricking the user into believing an email is from a trusted source, the rogue apps trick users into trusting that a given app is genuine. Rogue banking apps are also a challenge according to RSA, as are apps that are used to divert two-factor authentication codes via SMS. 

Rogue mobile apps aren't the only mobile fraud risks either. According to RSA, 71 percent of total fraud transactions in the second quarter of 2018 came from mobile browsers and mobile applications. Mobile transactions overall are growing, with RSA reporting that mobile browsers and applications accounted for 56 percent of legitimate transactions in the second quarter. From a geographic perspective, RSA found that the United States was the top hosting country for phishing threats that lead to fraud. On the receiving end, Canada was the top target, followed by the U.S.

There is also a correlation between the age of a device and the chances of fraud. RSA defines device age as how long the RSA Fraud platform has been aware of a given device. Eighty percent of fraud in e-commerce transactions in the second quarter came from a new device. 

Fraud is often attempted with stolen or compromised credit cards, which is a growing problem. RSA found 5.1 million unique compromised cards in the second quarter, which is a 60 percent increase from the first quarter. The average legitimate transaction value for e-commerce across the Americas was $231 during the second quarter. In contrast, the average fraudulent transaction value was 63 percent higher, at $442.

"The average value of a fraudulent transaction will likely always be higher than that of a genuine transaction, since fraudsters regularly use stolen credit cards to make quick, high-value purchases because these goods are easy to resell for a profit," the report stated.

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.