The Rise of “Sleeper Cell” Accounts and Fraud

As fraud methods become more advanced, the fraudsters behind it are keeping pace. Recently, a common tactic has emerged where criminals are leveraging account takeover or account creation by “aging” accounts before monetizing them.

A March report compiled by antifraud technology provider DataVisor, provided insight into how fraudsters are hiding amongst us inside consumer websites and mobile apps, using “sleeper cell” accounts to commit fraud. The extensive report was comprised of data mined from over one billion Internet users across 172 countries and analyzed more than one billion customer accounts, finding 50 million malicious ones.

How do sleeper cell accounts work? For starters, sleeper cell accounts are harder to detect than typical fraudulent accounts because they lie dormant for extended periods of time before being activated. 44% percent of all accounts that have been compromised that will eventually be used to commit fraud, “sleep” for at least seven days before an attack, according to DataVisor. Additionally, 37% of these accounts are not used on a continuous basis by fraudsters for at least three months. The longer an account is open, the more trusted it becomes, through the eyes of merchants and fraud prevention systems. This makes for an ideal fraudulent and sleeper cell environment.

“The fraudsters are becoming adept at looking like normal users,” said Yinglian Xie, CEO and co-founder of DataVisor, “and it’s clear from our research that they are increasingly sophisticated and using the latest technologies available to skirt detection.”

Additional findings of the DataVisor Online Fraud Report:

• 82% of fake accounts originated from desktop machines, compared to only 18% from mobile platforms.
• Malicious accounts are 7 times more likely to use cloud services than normal users.
• The fraudulent account armies targeting social platforms are 17 times larger than those targeting financial services.

To put things into perspective, Banking Exchange estimated losses of $28.5 billion worldwide in 2016 due to sleeper cell fraud and $114 billion over the last five years, which is enough to underwrite the U.S. Department of Education’s entire budget of $70 billion.           

Signs of Potential Sleeper Cell Fraud

In their comprehensive 2016 report, Banking Exchange discussed the difficulties that financial institutions face in detecting fraud of this type because it’s basically a different type than they usually watch for. Because the collections departments of most financial institutions can’t categorize sleeper cell accounts as fraudulent (just yet, anyway), many cases go undetected. Regardless, the financial impact is major to not only card holders but issuing banks as well.

As the banks attempt to get better at identifying this type of fraud, simply being vigilant is the most important thing a cardholder can do. What are the signs of potential sleeper cell fraud?  

• Changes that have recently been made to the account – change of address and phone number, for instance, that weren’t reported by the original account holder.
• A credit card account in good standing with a low or zero balance – especially one that a customer has had for years is suddenly maxed out.
• A credit card account that is not used often (generally no purchases for months at a time, sometimes even years) that has multiple purchases in a short time span.

While fraud comes in many forms, sleeper cell fraud is quickly becoming one of the more popular types among fraudsters. In order to keep up, banks and other financial institutions will need to beef up their security and anti-fraud measures. Card holders will also need to be proactive when it comes to monitoring their accounts, notifying the issuing bank of any suspicious activity. Until advanced measures can be instituted, such methods might be the only thing able to protect the security of millions of accounts.