September 27, 2013 by Dan Kramer — Senior Vice President, Marketing & Merchant Services, SHAZAM
Fraudsters are constantly finding new ways to defeat the online protections financial institutions have created. Guardian Analytics, a behavioral analytics fraud prevention software developer, has identified the disposable email address (DEA) as one of several new tools fraudsters are using to bypass safeguards FIs have enacted to protect their customers' money.
In fact, according to Guardian estimates, 30 percent of fraud cases that involved a changed email address were conducted with a DEA.
In order to avoid an inbox overrun by spam, some consumers have started using DEAs. They may, for example, create a DEA when purchasing a product online to avoid receiving unwanted emails from the seller.
According to Guardian, there has been an increase in fraudsters using DEAs to execute fraudulent transactions that require email verification. This is because some DEA providers do not require participants to go through a full registration process in order to create an account. Instead, the account is automatically created when an email is received at the address.
After a period of inactivity, the account is often automatically removed from the provider's servers. This makes it very difficult to trace the owner of the address, and makes these email accounts excellent weapons for fraudsters.
Fraudsters begin by stealing login credentials. They then change the email address associated with an account to a disposable address. After that, they initiate a transaction that requires email approval, such as a wire transfer. The email confirmation goes to the disposable address and is then approved by the fraudster.
Another scam fraudsters are pulling off through DEAs involves intercepting the legitimate email communications FIs send to make customers aware of changes to their accounts.
Educate your customers and staff about this emerging risk, and remain vigilant in your efforts to monitor DEA fraud schemes as they unfold. Any time your FI notices a customer has changed his or her email address, enact a process to determine whether it is, in fact, a disposable one.
FI staff should familiarize themselves with DEA service providers, so they can more easily spot a DEA when it's created. Also, watch for any email-confirmation transactions initiated from the account shortly following an email change.
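One way to implement the two checks above (is the new address on a disposable-email domain, and did an email-confirmed transaction follow shortly after the change), as an added example that is not from the post or SHAZAM; the DEA domain list and the account event records are constructed placeholders:

```python
from datetime import datetime, timedelta

# Constructed placeholder list of disposable-email domains. A real deployment
# would load a maintained list of DEA providers; the post names none.
DEA_DOMAINS = {"example-dea.test", "throwaway.test"}

# Constructed sample account events: (ISO timestamp, account, event type, detail)
EVENTS = [
    ("2013-09-20T09:00:00", "acct-1", "email_change", "alice@example-dea.test"),
    ("2013-09-20T09:40:00", "acct-1", "wire_transfer", "email_confirm"),
    ("2013-09-21T10:00:00", "acct-2", "email_change", "bob@bank-customer.test"),
    ("2013-09-21T10:10:00", "acct-2", "wire_transfer", "email_confirm"),
    ("2013-09-22T08:00:00", "acct-3", "email_change", "carol@throwaway.test"),
    ("2013-09-25T08:00:00", "acct-3", "wire_transfer", "email_confirm"),
]


def is_disposable(address):
    """True when the address's domain is on the DEA domain list."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain in DEA_DOMAINS


def review_queue(events, window=timedelta(hours=24)):
    """Build a review queue of (account, reason, detail) tuples.

    Every email change to a DEA domain is flagged. Any transaction approved by
    email confirmation within `window` of the account's last email change is
    also flagged: high severity if the new address is disposable, medium otherwise.
    """
    alerts = []
    last_change = {}  # account -> (timestamp of change, new address)
    for ts_str, account, kind, detail in sorted(events):
        ts = datetime.fromisoformat(ts_str)
        if kind == "email_change":
            last_change[account] = (ts, detail)
            if is_disposable(detail):
                alerts.append((account, "dea_email_change", detail))
        elif detail == "email_confirm" and account in last_change:
            changed_at, address = last_change[account]
            if ts - changed_at <= window:
                severity = "high" if is_disposable(address) else "medium"
                alerts.append((account, f"confirm_after_change:{severity}", kind))
    return alerts


if __name__ == "__main__":
    for alert in review_queue(EVENTS):
        print(alert)
```

In the sample data, acct-3 changed to a DEA address but its transfer came three days later, so only the address change itself is queued; tune the window to your FI's observed fraud timing.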
Make it a priority to provide ongoing consumer education regarding these social engineering schemes, specifically reminding your customers never to ignore email alerts sent by your FI. Also, encourage your customers to be on the lookout for changes to their account that they did not initiate or authorize.