The year in fraud: 2015 in 13 numbers
Recent estimates of the percentage of merchants that lack the new EMV, or “chip and PIN” payment terminals ranged from 50 percent to as high as 75 percent. Card issuers doing better – that 70 percent will have issued EMV-enabled cards by the end of the year.
After security researchers remotely disabled a Jeep by hacking into its software for a WIRED magazine story, Chrysler recalled 1.4 million vehicles. Unlike with a traditional recall, though, owners didn't need to take their cars back to the dealership. They could download the patch onto a USB drive, then upload it into their cars.
Cheaters beware: in July, a group calling themselves Impact Team released 8.68 GB of data about who used AshleyMadison.com, which promised to help married people have affairs, for anyone to see. The data included customer email addresses, sales and marketing data. The data not only revealed who was using the site (including some politicians), but also questioned whether women using the site were real.
Expanded charges link three men to last year’s JPMorgan hack, as well as other incidents, which impacted 83 million households. In court documents shared with CSO Online, the prosecutors say that between 2012 and 2015, the three pulled off "the largest theft of customer data from a U.S. financial institution in history" by stealing the personal information of more than 100 million people.
In 2012, an encrypted laptop was stolen and along with it information on 8,883 patients from EMC and Hartford Hospital. Why include it in a 2015 round up Because it wasn't until this year that the companies (EMC the contractor and Hartford Hospital, well, the hospital) agreed to pay $90,000 to the state of Connecticut for the breach. The laptop was stolen from the home of an EMC employer and has never been recovered. In the agreement, EMC and the hospital did not admit any potential violations HIPPA.
Exploit kits are the hot thing with criminals right now. Activity on four such kits that make up 96 percent of activity increased by 75 percent in the third quarter of this year compared to the same time last year according to the Infoblox DNS Threat Index. The kits are used to create malicious DSN infrastructure.
The IRS hasn't had a great year: in May they announced that more than 100,000 taxpayers had their information stolen. Then in August, they added another 220,000 people to that roll and put their total estimate at 324,000 poor souls. Hackers made their money by filing fraudulent tax returns and taking refunds before the real taxpayer can file and claim the money they're owed.
When United Airlines announced is bug bounty program, they got a response from Randy Westergren. And then…well, he says that the airline waited six months to implement the fix, and only did so after he threatened to out the vulnerability. The hole allowed hackers change anything about another passenger's reservation, and was (finally) patched on Nov. 14.
Phishing via your home email address to get a hold of your personal information became so passé in 2015. Instead, hackers targeted business email addresses with the hopes and tapping into corporate coffers. They had some success: $215 million of it, according to the FBI.
When looking that what could be identifying factors for a fraudster trying to shop online with someone else's information, Sift Science found the highest rates of fraud among users ages 85 to 90 years old. This doesn't mean senior citizens are suddenly becoming super criminals. Most likely, fraudsters are pretending to be seniors so they appear to be trusting.
Hackers are good – and fast. According to the Verizon 2015 Data Breach Investigations Report, hackers were able to compromise an organization within minutes 60 percent of the times they tried. In more than 75 percent of cases, the time to discover such breaches took days. This delay shows why such attacks can go from bad because they happened to worse because organizations didn't know about it right away.
In April, 25 suspected criminals who stole over $15,000,000 ran smack into the law. Romanian authorities detained the group, who allegedly hacked into banks and cloned payment cards. In one instance, they took $9 million from ATMs in Japan. Authorities might not have gotten everyone though. They the group has more than 52 members.