Growing risks of payment fraud detailed in 2024 report

The Annual Payment Fraud Intelligence Report 2024 warns of escalating payment fraud risks driven by advanced cybercriminal tactics, according to SiliconAngle.

The report, prepared by the Insikt Group, the research division of cybersecurity firm Recorded Future, and based on data from dark web sources, e-commerce transactions, and threat actor behavior analysis, identified e-skimming, scam e-commerce websites, and surges in stolen payment data on illegal web marketplaces as drivers of the trend. Magecart e-skimmers were identified as a critical threat, with infections tripling due to the exploitation of the CosmicSting vulnerability tracked as CVE-2024-34102. The flaw impacted platforms like Adobe Commerce and Magento and enabled attackers to deploy pre-built e-skimmer kits on checkout pages, significantly lowering the technical entry barriers for fraudsters. Meanwhile, scam e-commerce websites also proliferated, as nearly 1,200 domains were discovered to be linked to fraudulent operations in 2024. These scams, tied to accounts in the United Kingdom and Hong Kong, utilized sophisticated tactics like victim screening and one-time password interception, which often spiked during major shopping events. Additionally, dark web marketplaces saw a surge in stolen payment data, with 70 million more records listed in 2024 compared to the previous year, according to the report.