The 2024 Payment Fraud Intelligence Report from Recorded Future reveals a significant rise in fraud activities, particularly in stolen card data and e-skimmer infections. Key trends indicate that fraudsters are increasingly exploiting modern payment technologies and social engineering tactics. Predictions for 2025 suggest a continuation of these trends, emphasizing the need for enhanced security measures among financial institutions and merchants. Affected: dark web, clear web, e-commerce platforms
Keypoints :
- 269 million stolen card records were posted on dark and clear web platforms in 2024.
- 1.9 million stolen US bank checks were also reported.
- Magecart e-skimmer infections surged to nearly 11,000 unique domains.
- CosmicSting vulnerability (CVE-2024-34102) contributed to the increase in e-skimmer infections.
- Nearly 1,200 scam domains were linked to fraudulent merchant accounts.
- Dark web marketplaces remain crucial for fraud activities, offering stolen data.
- Predictions for 2025 include increased digital e-skimming and persistent check fraud.
- Mitigation strategies include enhancing merchant onboarding and validation processes.
MITRE Techniques :
- Credential Dumping (T1003) – Exploitation of vulnerabilities to obtain card data.
- Data Encrypted for Impact (T1486) – Use of stolen data for financial gain.
- Exploitation of Remote Services (T1210) – Magecart infections via vulnerabilities like CosmicSting.
- Social Engineering (T1598) – Tactics used in scam e-commerce websites.
- Account Manipulation (T1098) – Fraudulent acquisition of merchant accounts.
Indicator of Compromise :
- [domain] scammerwebsite1.co.uk
- [domain] fraudmerchant.hk
- [url] http://ecommerce-scam.com
- [file name] Sniffer by Fleras
- Check the article for all found IoCs.
Full Research: https://www.recordedfuture.com/research/annual-payment-fraud-intelligence-report-2024