Forter, an e-commerce fraud prevention company, said they saw a “significant” spike in what appears to be fraudulent account takeovers this summer, something they believe could be a result of the recently-disclosed Equifax (EFX) data breach.
“In the last two months we saw about a 15% increase year-over-year in account takeover attempts,” according to Forter CEO and co-founder Michael Reitblat. “While we can’t confirm that this is related to the Equifax breach, the timing suggests that it could.”
Equifax, one of the three major credit reporting companies, said on Thursday that “criminals” had stolen data that could impact 143 million US consumers. The company’s investigation revealed the unauthorized access occurred from mid-May through July. The information includes names, Social Security numbers, birth dates, addresses and also credit card numbers for approximately 209,000 consumers.
Reitblat explained the summer spike in fraud accounts could be the result of the original Equifax hackers selling initial small amounts of data to fraudsters.
“The fraudsters are paying the hackers bitcoin to see the data and confirm it’s legitimate. Once this stage is over, the hackers will then sell large bulks of data to the fraudsters,” Reitblat explained. “The moment this data starts to be sold in masses and in the open (if the FBI doesn’t catch them first), you will see an absolutely huge significant spike in account takeover attempts.”
In other words, the spike we are seeing now could be just a reflection of a testing phase that will get much larger.
“Remember, criminals usually don’t trust each other,” he said. “Bitcoin did wonders for cyber criminals. Now with bitcoin criminals can specialize into hackers and fraudsters and communicate via bitcoin in stages.”
Equifax did not respond to request for comment from Yahoo Finance.
Account takeover attempts
Reitblat said that hackers going after personal information, instead of purely credit card numbers, is a growing trend.
“Through all the Equifax databases, the hackers have everything about you. And through not very sophisticated social engineering, they can get passwords and security information from other sites,” he said.
He explained that some fraudsters will put small purchases (like $30) on regular high-use credit cards, as these will largely go unnoticed by consumers. Meanwhile, larger purchases may go on more dormant cards, including some store cards that haven’t been in use. In that case, consumers won’t find out until they get notification for amount owed.
Monitor your credit cards
Forter, which handles about $20 billion in online transactions including those for several major Fortune 500 companies, said this could be the most extreme breach they’ve ever seen.
“It is key, in addition to all the other advice out there about freezing your credit score access, to monitor your credit cards—both active and rarely used,” Reitblat advised.
And when it comes to judging this sort of event, Forter should know. The company was founded by former PayPal antifraud experts, has roots in the Israeli Intelligence Corps Cyber Command, and has raised more than $50 million in VC funding, including from Sequoia.
“Organized cyber criminal organizations are automating the fraud process and need large bulks of information,” Reitblat said. “They are gaining power.”
Nicole Sinclair is markets correspondent at Yahoo Finance.
Please also see:
15% of big US chain restaurant locations were in hurricane-exposed areas
How Apple can prevent the iPhone from going the way of the PC
DACA repeal will conservatively hit GDP by $105 billion over five years, Mark Zandi says
Why $475,000 isn’t actually that expensive for Novartis’ new drug