In the ever-evolving fraud landscape, fraudsters have shifted their tactics from using third-party devices to on-device fraud.
Now, users face the rising threat of fraud involving remote access tools (RATs), while banks and fraud detection vendors struggle with new challenges in detecting this invisible threat.
Let’s examine the modus operandi of fraudsters, prevalence rates across different regions, classic detection methods and Trusteer’s innovative approach to RAT detection through keystroke analysis.
A rising threat
As Fraud detection methods become more and more accurate, fraudsters have moved from account takeovers (ATOs) from a third-party device to on-device fraud. This can be done either by a legitimate remote access tool (RAT) or by one developed by fraudsters.
Trusteer’s customer data analysis shows that RAT device takeover has become a prevalent form of fraud, constituting a significant proportion of browser-based fraudulent activities in the U.K. and Australia.
This modus operandi started in English-speaking countries and then moved to Spain and Latin America. It has recently surfaced in France and Japan, where it was previously unreported.
Modus operandi: The classic tech support scam
A popular method fraudsters use involves a legitimate RAT, such as Team Viewer or AnyDesk, which allows them to access the victim’s device remotely. These frauds typically involve a social engineering component to convince the user to install the tool and allow the fraudsters to access their device.
Most tech support scams follow these steps:
Step 1: A user is browsing online and is redirected to a malicious website with a pop-up claiming that the device has been infected with malware. The pop-up contains a phone number to a rogue technical support team that can “assist” with “cleaning” the device.
S ..
Support the originator by clicking the read the rest link below.
