According to the Payment Fraud Intelligence report, financial fraud underwent significant evolution in 2024. New tactics rooted in artificial intelligence and social engineering emerged as key tools for cybercriminals, leading to an escalation in data breaches and a surge in attacks targeting digital services. Over 269 million payment card records and 1.9 million stolen checks from the U.S. were posted on darknet marketplaces and open web platforms.
The number of Magecart skimmer infections tripled compared to 2023, affecting over 11,000 unique domains. This spike was attributed to the CosmicSting vulnerability (CVE-2024-34102, CVSS score: 9.8) and the widespread use of attack kits such as Sniffer by Fleras. These tools enabled cybercriminals to steal data from online stores stealthily.
In addition to technical exploits, attackers actively deployed fraudulent e-commerce websites. Approximately 1,200 malicious domains were registered over the year, primarily located in the UK and Hong Kong. These platforms employed social engineering tactics and fake seller accounts to deceive buyers and monetize stolen data.
Darknet marketplaces continued to serve as key hubs for selling stolen information and fraud tools. Despite restrictions, Telegram remained a vital channel for hackers to distribute stolen data, including stolen checks. Analysts observed a marked increase in fraud-related activity on Telegram.
Check fraud in the U.S. remains a pressing issue, with over 1.9 million stolen checks shared across the darknet and Telegram. The crimes span the entire country, with the highest concentrations of incidents reported in specific postal zones.
Experts predict a continued rise in attacks involving skimmers and fraudulent websites, particularly as the adoption of digital wallets accelerates. Intercepting OTP codes is expected to become a critical vulnerability in payment systems. Darknet platforms are likely to maintain their prominence, despite law enforcement efforts, while less experienced cybercriminals are expected to dominate Telegram’s fraudulent ecosystem.
To combat these threats, experts recommend several key measures:
- Identifying and addressing vulnerabilities on e-commerce websites;
- Strengthening vetting processes for new sellers;
- Enhancing verification standards for digital wallet creation;
- Leveraging predictive protection and blocking suspicious transactions using Recorded Future’s analytical tools;
- Continuously updating anti-fraud measures and refining internal data-driven protection systems.
The evolution of digital technologies is making fraud increasingly sophisticated, compelling financial institutions and online marketplaces to adopt proactive defense strategies and strengthen collaboration between cybersecurity and fraud prevention teams.
