
Fraud Teams’ Most Critical Blind Spot: Malware-Infected Consumers


Consumers inherently rely on the organizations they do business with to keep their accounts safe. Yet they continue to practice poor security hygiene, like reusing passwords across multiple sites and unknowingly clicking on malicious links that infect their machines with infostealing malware, which puts them at risk of account takeover and fraud. Online fraud threats have skyrocketed in recent years, with losses now predicted to exceed $206 billion by 2025.

What is fueling these trends? We’d argue the fresh, accurate data stolen by malware plays a key role in criminals’ ability to impersonate users and access existing accounts to commit online fraud.

Unfortunately, detecting malware-infected consumers is a critical blind spot for security and fraud teams within an organization. To better understand the impacts malware can have on your business, let’s examine the invasiveness of infostealing malware and the implications these infections have on your customers and your bottom line.

Malware: The Fuel for Online Fraud

As malware becomes more sophisticated, so do the social engineering and other tactics fraudsters use to take advantage of victims. Malware can often be hard to detect, yet easy to fall for. In an environment where families share devices for both personal and professional use, just one wrong click can put the whole household at risk of a malware infection that steals everyone’s data right off the device. And now, there are strains of malware that can infect your device, steal your information, and then auto-delete themselves without a trace. Even if your anti-virus software catches the malware and removes it, chances are the data siphoned from your device is on its way to the criminal underground, if not already being traded and sold, before you’re even aware of the infection.

Malware provides a treasure trove of stolen information ripe for a criminal’s use. Here are just some of the types of data criminals can steal, making them virtually indistinguishable from your customers.

Login credentials

Browser fingerprints and session cookies

Payment details like credit card numbers that include expiration and CVV

Banking information

Access to cryptocurrency and bitcoin

PII (Name, Address, SSN, DOB, etc.)

With this data in hand, criminals use it to perpetrate online fraud:

Leveraging compromised credentials to launch account takeover attacks

Importing stolen session cookies and browser fingerprints into anti-detect browsers to perform session hijacking, bypassing MFA and gaining unauthorized access to accounts

Using stolen personal and payment information for card-not-present and true-name fraud

Opening fraudulent accounts with synthetic identities constructed from stolen PII

And if they’re not using the data for their own gain, they’re likely selling or trading the data on the darknet to enable others to commit fraudulent activities. Having insights into malware-infected customers, compromised credentials, and stolen session cookies can help businesses strengthen their account takeover and fraud prevention frameworks while keeping consumer accounts safe.

Ecommerce Marketplace Uses Darknet Data to Reduce Fraud

Accounts taken over by bad actors cause headaches for the customer and the business. When a global mobile ecommerce marketplace noticed a spike in the fraud rate for the Latin American region, they sought an innovative solution to combat ATO and reduce fraud losses.

The organization implemented SpyCloud to leverage recaptured data from the darknet to identify risky accounts using compromised credentials. Whether acquired via malware infections or data breaches, these credentials can be used to take over accounts and cause significant financial impacts. With SpyCloud’s industry-leading solutions, the ecommerce marketplace saw a 90% reduction in ATO in the Latin America region, which accounts for 50% of the company’s fraud activity in that area, and as a result, avoided $1 million in fraud losses. With the success in reducing ATO fraud activity in the LATAM region, the marketplace rolled out SpyCloud across the entire platform to protect all user logins.

“Since SpyCloud recaptures credentials directly from the criminal underground, we now have a level playing field with fraudsters – with the same data, we can easily identify compromised consumers and be more proactive in protecting them.”

-Director of Risk Management, eCommerce Marketplace

Know What Fraudsters Know About Your Customers to Prevent Online Fraud

Leveling the playing field with fraudsters starts by using darknet data to your advantage and acting on what criminals know about your business and consumers.

First, you have to know your consumers are at risk to be able to protect them. Having the ability to identify malware-infected users is the first step in protecting both your consumers and your bottom line. The payload from malware provides the criminal network with everything needed to impersonate your customers for fraud, commit ATO and session hijacking attacks, drain loyalty accounts, and spin up new synthetic or mule accounts.

Backed by more than 350 billion assets (and growing monthly) recaptured from the darknet, SpyCloud’s Cybercrime Analytics™ Engine powers our account takeover and fraud prevention solutions and gives actionable insights on malware-infected devices, compromised credentials, and stolen sessions being used by consumers. We have the ability to detect and link exposed data and PII to your customers, easily identifying if they have been infected with malware and their data has appeared in a botnet log in the criminal underground.

Our account takeover and fraud prevention solutions go beyond detecting malware to fully protect your consumers. Retailers use SpyCloud’s anti-fraud solutions to detect a user’s risk from the very beginning at account creation, then at login, and all the way through to the transaction, as well as to identify stolen session cookies and compromised credentials used to access accounts and perpetrate fraud.

Reduce fraud by ensuring your customers are who they say they are with SpyCloud Fraud Prevention solutions.
