RSA’s Quarterly Fraud Report Finds Decrease in Cyberfraud


Mason Wilder, CFE
ACFE Research Specialist

Perhaps the most encouraging and notable piece of RSA’s most recent quarterly report comes in the form of an overall decrease in cyberfraud. The total amount of cyberfraud attacks observed from January 1, 2018 to March 31, 2018, represented a decrease not only from the previous quarter (16.2%) but also from the same quarter of 2017 (8.6%).

RSA, a global cybersecurity and anti-fraud services provider, issues a report each quarter outlining trends related to fraud attacks it observes. The contents represent only a portion of the entire cyberfraud landscape, as RSA does not observe each and every fraud attack that occurs online, but does include pertinent information for fraud examiners who regularly deal with cyberfraud.

Other significant takeaways from the report include:

  • Biggest Phish in the Sea
    Phishing attacks constitute almost half (48%) of all cyberattacks observed by RSA during Q1 2017. According to RSA, the top three target countries for phishing attacks were Canada, the U.S. and India while the top three host countries were the U.S., Russia and India. The data illustrates that phishing attacks remain extremely popular (the next most popular attack vector, Trojan Horse malware, constituted only 25%), likely due to the low cost and ease with which they can be carried out, not to mention their effectiveness.
  • Continued Mobilization
    Mobile fraud, or fraud carried out using mobile devices, continues to grow: 55% of all genuine e-commerce transactions (up nine percentage points from Q1 2017) and 65% of fraudulent e-commerce (also up nine percentage points from Q1 2017) were carried out via mobile applications or browsers. Although growth likely won’t continue at that pace, given the already widespread adoption of smartphones and other mobile devices, e-commerce carried out on mobile devices should be a focal point for fraud prevention efforts going forward.
  • The New-New Threat
    The combination of a new account and a new device accounted for 32% of total online banking login fraud volume and 22% of online banking payment fraud volume observed by RSA, who noted that the pattern “could indicate fraud actors attempting to leverage stolen identities to create mule accounts as part of their ‘cash-out’ plans.”
  • Bad News/Good News
    RSA capped off the report with two features describing how fraudsters use social media and online communities to carry out fraud schemes. RSA reported fraudsters are continuing to use Facebook, Instagram, and Chinese sites QQ and Baidu to exchange stolen credentials and peddle fraud as a service. But, they are also expanding to encrypted messaging platforms like WhatsApp, Telegram and Snapchat as online fraud marketplaces. The anonymity and mobile integration offered by these platforms, combined with invite-only capabilities, provide safe havens for fraudsters to further their schemes and collaborate without detection by authorities. The second feature offered more encouragement for fraud fighters by detailing the popular online community Reddit’s decision to ban fraud forums, or subreddits, where fraudsters exchanged contacts, discussed tactics, shared dark web sources and advertised their services. Although Reddit has previously banned subreddits on which fraud-related activities occurred, this represented a more visible and widespread anti-fraud effort. RSA did note that the fraudsters using these subreddits seemed to quickly offer alternative forums on which they could communicate and collaborate, but eliminating the internet’s most popular message board from online fraudsters’ toolkit can’t be a bad thing. 

Read the full report with even more details from the first quarter of this year.