Phishing Is Primary Attack Vector for Fraud, RSA Finds | eWeek

Rogue Mobile Apps Leading Global Rise in Fraud, RSA Reports

RSA fraud
Aug 15, 2018
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

RSA released its second-quarter 2018 fraud report on Aug. 14, finding that once again phishing attacks are the primary attack vector for fraud.

The 15-page report covers the period from April 1 to June 30 and is based on data collected by the RSA Fraud and Risk Intelligence team. Among the top trends identified in the report is that phishing accounted for 41 percent of all fraud attacks seen by RSA in the second quarter.

Also of note in the report is the finding that 28 percent of fraud in the second quarter was attributed to some form of mobile application. During the quarter, RSA also detected 9,185 rogue apps.


RSA defines rogue apps in a number of ways, including fake and lookalike applications that aim to deceive users by thinking they are associated with or built by a legitimate, trusted brand. 

RSA noted that the rogue applications are similar in nature to phishing emails, but rather than tricking the user into believing an email is from a trusted source, the rogue apps trick users into trusting that a given app is genuine. Rogue banking apps are also a challenge according to RSA, as are apps that are used to divert two-factor authentication codes via SMS. 

Rogue mobile apps aren’t the only mobile fraud risks either. According to RSA, 71 percent of total fraud transactions in the second quarter of 2018 came from mobile browsers and mobile applications. Mobile transactions overall are growing, with RSA reporting that mobile browsers and applications accounted for 56 percent of legitimate transactions in the second quarter. From a geographic perspective, RSA found that the United States was the top hosting country for phishing threats that lead to fraud. On the receiving end, Canada was the top target, followed by the U.S.

There is also a correlation between the age of a device and the chances of fraud. RSA defines device age as how long the RSA Fraud platform has been aware of a given device. Eighty percent of fraud in e-commerce transactions in the second quarter came from a new device. 

Fraud is often attempted with stolen or compromised credit cards, which is a growing problem. RSA found 5.1 million unique compromised cards in the second quarter, which is a 60 percent increase from the first quarter. The average legitimate transaction value for e-commerce across the Americas was $231 during the second quarter. In contrast, the average fraudulent transaction value was 63 percent higher, at $442.

“The average value of a fraudulent transaction will likely always be higher than that of a genuine transaction, since fraudsters regularly use stolen credit cards to make quick, high-value purchases because these goods are easy to resell for a profit,” the report stated.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.