With the end of the year approaching it’s not just holiday season it’s also predictions for the year ahead time and chief in those predictions will be what cybersecurity firms have to say for the enterprise security space for the year ahead.

Big Data security analytics startup DataVisor, Inc. is set to release a full report on their Top 5 Online Fraud Predictions for 2016 on Monday, November 23, and, fortunately, the good folks at the company have given SiliconANGLE an early look at what is going to be in the report.

Here’s what DataVisor predicts will be the top 5 online fraud targets for the year ahead.

Social sites will become bigger targets as lines between social and e-commerce blur

The company believes that the inclusion of e-commerce functionality (such as buy buttons) on social networking sites including Pinterest, Facebook and Twitter will result in these sites being targeted more by fraudsters looking to conduct fraudulent transactions.

A spike in the overall amount of e-commerce on social networking sites will also make it easier for malicious campaigns to hide among the billions of legitimate social users.

EMV cards & digital wallets to shift more fraudulent credit card attacks online.

The company predicts that 2016 will be a record year for Card-Not-Present fraud, a type of credit card scam in which the customer does not physically present the card to the merchant during the fraudulent transaction and is conducted online or over the phone.

DataVisor believes the increasing adoption of the new EMV cards (cards with chips in them) and new digital wallet solutions such as Apple Pay and Google Wallet will see fraudsters moving online to monetize fake and stolen credit cards.

The prediction is dire, with the company saying that they expect to see “a perfect storm” in 2016 that is bound to result in a high level of fraudulent transactions, powered by three trends:  a significant increase in e-commerce websites and mobile apps, growing comfort among consumers to transact online, and the adoption of EMV cards and digital wallets.

Global O2O wars will increase the rate of user acquisition promotion fraud.

The rapid growth in Online-to-offline (O2O) companies such as Uber, Inc. and others will see money spent not only for promotions to attract new drivers and users, but also an rapid increase in user acquisition fraud, where drivers make hundreds to thousands of dollars per month in subsidies by registering multiple driver accounts and conducting fake rides.

DataVisor believes the combination of strong financial incentives and the wide availability of mobile hacking tools such as mobile emulators and GPS location fakers create an ideal environment for this type of fraud to continue to grow in 2016.

Account takeovers will rise as result of continued large data breaches

2015 has been a huge year for hacking and subsequent data breaches with companies large and small being targeted by what DataVisor describes as an era of “peak data breach”.

The bad news is that the company predicts that in 2016 bad actors will increasingly look to monetize stolen user credentials and credit cards via fraudulent credit card attacks, and even account takeover campaigns that lead to identity theft that could drain the bank accounts of those who have had their data stolen.

Cyber attackers will move to the Cloud

“Businesses and consumers are not the only ones moving to the cloud,” DataVisor claims in the report. “In 2016, we expect to see the continued migration of cyber attack infrastructure to the cloud, as cloud services become more pervasive and cost-effective.”

Services including AWS, Azure and Google Cloud are said to already be victims as fraudsters register a massive number of free, trial accounts and use their computation infrastructure to conduct attacks.

Other cloud services including dedicated/virtual hosting provided by companies such as OVH, Quadranet, Ubiquity Hosting, and others, along with anonymous proxies will also become increasingly common among online criminals as the big players continue to find ways to reduce the ability for the fraudsters to utilize their services.

“In order to protect yourself from attacks launched from the cloud, you need to go beyond simple IP reputation databases and rules/models-based systems to detect these well-organized attack campaigns, since one cannot naively block traffic from the cloud infrastructure,” the report notes.

“In fact, in our observation, the traffic from cloud infrastructures are highly mixed with both good user and bad user activities. The industry needs to change to more advanced solutions that can distinguish malicious traffic emitted from cloud infrastructure precisely.”

Image credit: 97810305@N08/Flickr/CC by 2.0