Vulnerability Management, Threat Intelligence

Growing risks of payment fraud detailed in 2024 report

Safe online payment and electronic money transfer security. Pay with digital technology. Man using credit card and laptop to login to internet bank. Financial safety to prevent scam, threat and fraud.

The Annual Payment Fraud Intelligence Report 2024 warns of escalating payment fraud risks driven by advanced cybercriminal tactics, according to SiliconAngle.

The report, prepared by the Insikt Group, the research division of cybersecurity firm Recorded Future, and based on data from dark web sources, e-commerce transactions, and threat actor behavior analysis, identified e-skimming, scam e-commerce websites, and surges in stolen payment data on illegal web marketplaces as drivers of the trend. Magecart e-skimmers were identified as a critical threat, with infections tripling due to the exploitation of the CosmicSting vulnerability tracked as CVE-2024-34102. The flaw impacted platforms like Adobe Commerce and Magento and enabled attackers to deploy pre-built e-skimmer kits on checkout pages, significantly lowering the technical entry barriers for fraudsters. Meanwhile, scam e-commerce websites also proliferated, as nearly 1,200 domains were discovered to be linked to fraudulent operations in 2024. These scams, tied to accounts in the United Kingdom and Hong Kong, utilized sophisticated tactics like victim screening and one-time password interception, which often spiked during major shopping events. Additionally, dark web marketplaces saw a surge in stolen payment data, with 70 million more records listed in 2024 compared to the previous year, according to the report.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds