What Fraudsters Like?

Filter by Tags

HumanBehavior (46) OrganizationAtRisk (39) SocialEngineering (28) Cyber (24) TechnologyRisk (22) DeviceSecurity (21) InsiderThreat (15) SocialNetworks (12) Crypto (9) AIEnabled (7) Compliance (6) GamingSecurity (5) Cloud (5)
#WhatFraudstersLike #CyberAwareness #CredentialStuffing #RepeatVictimization #CybersecurityEducation #LetsTalkFraud
📚 References & Further Reading

Fraudsters Like To Stay In Touch!

Think you’re safe after surviving one scam? Think again. Once attackers have your details, they don’t just move on. They “stay in touch” - either directly or by reselling your information. That’s why victims often see repeated attacks, sometimes within days.

The Repeat Attack Playbook:

📧 Credential stuffing - Leaked usernames and passwords are immediately tried on other services. One breach often unlocks multiple doors within hours of a data dump.

🛒 Dark-web resale - Fresh credentials fetch premium prices (up to 10x more than aged data) and are reused by multiple criminal groups, meaning more attackers will try their luck with the same victim.

🔁 Repeated phishing efficacy - Studies show that over 60% of people who fall for one phishing email are likely to click again.

👴 Elder re-targeting - Research tracking 1.33 million scam victims over 20 years shows victims in their 70s and 80s are 9% more likely to experience repeat victimization than those in their 50s.

📊 Freshness factor - Newly stolen credentials command higher prices on cybercrime markets and drive rapid follow-up attacks. According to security researchers, fresh data breaches see exploitation attempts within 24-72 hours.

The numbers are eye-opening. In one large-scale study of phishing simulations, nearly 67% of employees who clicked once went on to click again in later tests. In a long-term study of scam victimization, older adults were found to be significantly more likely to experience multiple fraud attempts over time. Fraudsters clearly understand this - fresh victims are often the most profitable repeat targets.

🚨 So what’s the defense?

For individuals: use unique passwords, reset shared passwords fast after fraud attempt, enable MFA, monitor for breach alerts, and be skeptical of “follow-up” scare emails.

For organizations: detect credential stuffing, enforce resets after breaches, use behavioral analytics, and train staff that lightning can strike twice or thrice.

The good news? Knowing this pattern exists is half the battle. Victims who understand repeat targeting are 60% more likely to spot and report subsequent fraud attempts, according to FBI data.

Filter tags: 🏷️ HumanBehavior 🏷️ SocialEngineering 🏷️ OrganizationAtRisk 🏷️ Cyber 🏷️ SocialNetworks
📚 4 references
1 min read January 1, 2024
← Previous Post 49 of 60 Next →