Queensland named as hotbed for eCommerce fraud in new scam data

eCommerce fraud is on the rise and small businesses need to remain vigilant so they do not fall prey to the growing number of scams being run from every part of the country, new data released by security firm RSA has revealed.

The data, which was collected from two million credit and debit cards, has found eCommerce fraud is being perpetrated in all parts of the country and that Queensland is one of the most popular locations for criminal activity.

And RSA security specialist Mason Hooper says small businesses in these areas aren’t immune either, warning many of the Trojans the company has identified are targeted towards SMEs.

“Small businesses have been targeted directly, and security in these companies needs to be as big of an issue as it would be in larger firms as well,” he says.

The data shows Queensland was the most popular spot for fraud, with 1.4% of cases showing criminal activity. Victoria followed with 1.3%, New South Wales with 1.1%, Western Australia with 0.5% and South Australia with 0.5%.

The Australian Capital Territory and Tasmania were the states with the least amount of fraud, recording 0.4% and 0.3% instances respectively.

But Mason says the issue is not how much fraud was being recorded, but rather where it is occurring. In Queensland, for example, most of the fraud is occurring in Sandgate, not the more populous locations such as Brisbane or the Sunshine Coast.

In New South Wales, the suburb of Fairfield accounts for 6.9% of fraud, while Gosford and Hurstville follow closely with 5.4% and 2.1% respectively. North Ryde and Hay are next, with 2% and 1.5%.

In Victoria, Sunshine accounts for 3.1% of eCommerce fraud, the most of any suburb, while Melbourne city accounts for 1.1%. Sunbury and East Burwood are next, accounting for 0.3% and 0.2% of eCommerce fraud.

“I think that’s the most striking. You see suburbs like Hay and North Ryde pop up here, so you know the eCommerce fraud isn’t just happening in the major locations.

“What happens is that more people know everybody in these smaller communities or suburbs, and so when a person is hit with an infected file it gets spread around fairly quickly,” Mason explains.

Mason says credit and debit card numbers are obtained by malicious software installations, usually caused by malware. Scammers create a link or promote an “interesting video”, prompting users to click on an infected file. Once this happens, silent software allows the scammer to steal data.

And Mason says some of these schemes designed to trick users into handing over their credit card data are becoming more elaborate.

“Many times we’re seeing these work-from-home type packages being sold to people, and they become money mules for banking. Some are told they have to be a freight forwarder, told to receive goods at their home and then pass it on.”

Once criminals obtain these credit card numbers, Mason says they are most often used to pay high-priced goods, such as airline tickets, iPads and other gadgets. “We see a lot of laptops,” he says.

The answer, he explains, is security. Internet browsers need to be aware these types of fraud exist, and aren’t just originating from overseas.

“Users need to be vigilant in keeping their machines up-to-date with anti-virus and anti-spam software, and they also need to check their credit card statements regularly.”

Mason adds checking credit card statements is especially crucial for businesses, many of which require credit cards to manage daily expense.

“Small businesses have been targeted directly with these types of attacks before. They need to be equally vigilant in buying at least some protection to put in place, along with spam protection.”

“Whenever you make a purchase online, be careful.”