A new report out today from the Insikt Group, the research division of Recorded Future Inc., highlights the growing risk of fraud payments through 2024.

It’s driven by the increasing sophistication of cybercriminal tactics, including digital e-skimming, scam e-commerce websites and surges in stolen payment data on dark web marketplaces. The Annual Payment Fraud Intelligence Report: 2024, based on an extensive analysis of Recorded Future’s Payment Fraud Intelligence datasets, incorporates data from dark web and clear web sources, e-commerce transaction analysis and insights into threat actor behaviors and tactics.

The report identified Magecart e-skimmers as a critical threat through last year, with infections surging threefold thanks to the “CosmicSting” vulnerability, designated CVE-2024-34102. The Magecart vulnerability affected e-commerce platforms, including Adobe Commerce and Magento, and was exploited by attackers using pre-built e-skimmer kits to target payment forms on checkout pages. The ease of deployment offered by these kits lowered technical barriers, making the attacks more pervasive.

Scam e-commerce websites were also found to have emerged as a growing concern through 2024, with nearly 1,200 domains linked to fraud networks. The scams were found to be tied to merchant accounts based in the U.K. and Hong Kong and used increasingly sophisticated tactics such as victim screening and onetime password interception. Not surprisingly, the scam saw “seasonal spikes” during major shopping events that amplified the reach and success of the fraudulent operations.

Stolen payment card data was found to have surged on dark web marketplaces last year, with 70 million more records posted for sale in 2024 than in 2023. Most of the data came from card-not-present transactions, reflecting vulnerabilities of online payment systems. The report noted that Telegram saw declining volumes of reposted data last year but remained a significant source for unique stolen records.

On the stolen payment card data side, the report also highlights the persistent vulnerability of restaurants and e-commerce platforms as common points of purchase for compromised card data. Breaches in these sectors continued to impact the broader e-commerce ecosystem through 2024, with platform breaches noted as being particularly concerning due to their ability to compromise multiple merchants simultaneously.

The report also highlights how threat actors are increasingly adopting anti-fraud technologies for malicious purposes, including leveraging artificial intelligence to enhance verification bypass techniques and create synthetic identities.

The report makes a number of predictions, but none is positive. The report’s authors predict that digital e-skimming and scam e-commerce will dominate fraud incidents in 2025. Dark web marketplaces are expected to remain central to payment fraud. And Telegram will continue to attract less experienced attackers.

Image: SiliconANGLE/Ideogram