Fraudsters have always relied on automation—using scripts and bots—to scale up their attacks and maximize the returns with the least possible investment. And with people flocking to digital channels for everyday needs, there is an unprecedented increase in online traffic, which has opened the floodgates of opportunity for fraudsters.
To take advantage of this expanded attack surface and launch sophisticated attacks, fraudsters are leaning heavily on automation. The Arkose Labs’ Q4 Fraud Report reveals that the level of bot attacks was the highest ever recorded during Q3 of 2020. Automated attacks are a big driver of fraud and this will result in a permanent increase in bot attacks, which may well become the new normal.
Recommended eBook: Q4 2020 Fraud and Abuse Report
No industry unscathed from bot attacks
The data from the Arkose Labs Q4 Fraud Report shows that fraudsters continue to deploy bots in order to ramp up the attack levels—across industries. During Q3 2020, there was no industry that could escape unscathed from the scourge of bot attacks. Ecommerce sites, gaming platforms, and workplace collaboration tools, which became tremendously popular for people sheltering in place, are also the industries that have been under siege by bot-driven attacks.
Automated credential stuffing, scraping, in-game abuse, and fake reviews on marketplaces are some examples of malicious activity that fraudsters used bots for in Q3 2020. Another area where attackers used bot attacks was to check the balance on stolen gift cards. Of all these activities, credential stuffing was the most dominant, as fraudsters possess volumes of personally identifiable information—usernames, email IDs, and passwords—which when combined with easily available automated tools, make it ridiculously easy to test thousands of username-password combinations in the blink of an eye.
Recommended Blog: Credential Stuffing Attacks Ramp Up Against Financial Institutions
Gaming platforms witnessed a surge not only in the number of users but also in the number of hours spent, providing fraudsters with a greater window of opportunity to strike. Taking advantage of the increased traffic, fraudsters preferred bot attacks for scale. Nearly 95% of attacks on gaming platforms were automated. These attacks included account takeover, in-game abuse such as farming assets and gold, auction house abuse, disseminating spam, and phishing.
As compared to gaming, technology platforms were less targeted in the first half of the quarter, before ramping up more. Streaming companies were targeted for credential stuffing attacks in Q3 2020, while social media platforms were targets for automated scraping, account takeover attempts, and new fake account registrations. The same was the case with the travel industry, where fraudsters used bot attacks to scrape information and post fake reviews. 97% of the attacks were automated, as attackers refrained from spending much time attacking the travel industry, which is currently reeling under the global travel restrictions.
Recommended Blog: What are bot-driven fraud attacks?
Increase in online traffic—and bot attacks—here to stay
The growth in online traffic is here to stay and so is the use of bots for attacks at scale, which will define the new normal. Businesses are already experiencing holiday-level traffic on a daily basis. They must be able to adapt to and operate effectively in this new normal. They must prepare themselves to handle a surge in bot attacks, while still meeting the evolving expectations of their expanding digital customer base.
As fraudsters leverage advanced bot technologies to launch strategic and sophisticated attacks, businesses, too, will need to step up their vigilance and use robust defense mechanisms that help identify and stop automated attacks. Businesses must realize that the erstwhile normal behavioral patterns will no longer be applicable in the new normal and therefore, they will need to rethink their fraud strategies.
Use targeted friction to keep bots out and let authentic users in
With people becoming habitual to living a largely digital life, fraud teams, all over the world, will need to find a way to put pressure on fraudsters and deflect attacks long term, while continuing to offer a seamless user experience to their customers.
The Arkose Labs platform uses targeted friction to filter out all bot attacks with certainty, which allows authentic users to enjoy the digital services without disruption. To learn why Arkose Labs offers a 100% SLA guarantee for stopping automated attacks, book a demo now.