Fraud Prevention

Arkose Labs Presents the Q3 Fraud and Abuse Report

September 18, 20195 min Read

Based on real-time analysis of 1.2 billion transactions, the Arkose Labs Q3 Fraud and Abuse Report provides deep insights into the evolving threat landscape across industries and use cases

Rapid digital transformation is making it easier than ever for people to connect with each other on social media, play online games, or shop on digital marketplaces. But, the other side of this transformation is unfortunately not so inspiring. Digital has also resulted in a manifold increase in the attack surface for cyber crime, which makes launching global, automated, and organized attacks at scale easier than ever before.

Risk Landscape is Evolving

It is estimated that by 2021, cyber crime will cost the global economy upwards of $6 trillion surpassing the annual costs for natural disasters and the global drug trade. The connected nature of the global economic ecosystem is facilitating large scale fraud and online abuse. Today, online identity, intent, business, metrics and content can all be faked, which can have serious security and financial repercussions for any business with an online presence, especially as they try to balance risk management with the delivery of exceptional customer experience. Meanwhile, the risk landscape is quickly becoming increasingly complex because fraudsters have easy access to sophisticated tools and resources. This means they can tweak their attack patterns as long as they remain profitable.

The Arkose Labs Q3 Fraud and Abuse Report

To provide deep-dive insights into this evolving threat landscape, Arkose Labs presents the Arkose Labs Q3 Fraud and Abuse Report, which is based on real-time analysis of billions of transactions from actual user sessions. The report sheds profound light on the connected nature of the fraud ecosystem, illustrating how fraudsters deploy different calculated strategies, based on industry and business models, to maximize each attack’s ROI.

Developing Economies Are Becoming Fraud Hubs

The Arkose Labs Q3 Fraud and Abuse Report reveals that one in every 10 transactions is an attack, ranging from automated bots to malicious humans. Of the 1.2 billion transactions analyzed, Arkose Labs finds that automated attacks represent the bulk of the traffic, ranging from large-scale account validation attacks, to bots blocking seats on an airline to scripted attacks that scrape user data and inventory. Further analysis reveals that most attacks from China (59.3%) are human driven, which is more than four times higher than the US, Russia, the Philippines, and Indonesia. In terms of attack origination, the Philippines is the leader followed distantly by US, Russia, UK, and Indonesia.

One of the key revelations of the Arkose Labs Q3 Fraud and Abuse Report is the quick metamorphosis of developing economies as fraud hubs due to the easy availability of sophisticated tools, cheap manual labor, and good economic incentives associated with online fraud.

Industry-specific Highlights

The Arkose Labs Q3 Fraud and Abuse Report provides interesting insights into the attack patterns and modus operandi according to each industry.

The key findings according to the industry segments are:

Social Media: More than 75% attacks on social media are automated bot attacks. The primary motive of attacks on social media are to harvest rich personal data from legitimate user accounts. Interestingly, unlike other industries, account takeover attacks are more common for social media, with logins twice as likely to be attacked than account registrations.

Technology: The technology segment is heavily targeted by human click-farms and sweatshops, which employ a large group of low-paid workers hired specifically to make fraudulent transactions or create fake accounts. The Arkose Labs Q3 Fraud and Abuse report finds that 43% of all attacks on technology companies are human driven and account registrations for tech companies are four times more likely to be attacks than logins.

Financial Services: Fraud in the financial services segment varies by season and time of the day. Arkose Labs observes that 9% of the total login attempts are fraudulent with a third coming from human driven attacks. These attacks focus on taking over a legitimate user’s account to transfer funds or sign up for fraudulent purchases. Fraudsters also mimic the daily traffic patterns and launch attacks during traditional business hours.

Travel: Payment transactions in the travel industry are at a 10-fold risk of attacks, especially from automated bots looking to block inventory, leading to denial of inventory attacks or a significant increase in ticket price. Arkose Labs finds that almost 10% of all login attempts on travel sites are fraud and 46% of all payment transactions for travel are fraudulent.

Retail: The retail industry has emerged as an interesting case, attracting the highest volume of sophisticated human driven attacks—at more than 50%. This also makes detecting inauthentic human traffic harder as, unlike bot traffic, human behavior is unpredictable and highly nuanced.

About the Report

With its Q3 Fraud and Abuse Report, Arkose Labs provides deep insights into an ever-evolving threat landscape. The report is a result of an in-depth analysis of attack patterns uncovered from over 1.2 billion transactions spanning account registrations, logins and payments from financial services, ecommerce, travel, social media, gaming and entertainment in real-time. The Arkose Labs Q3 Fraud and Abuse Report is based on actual user sessions (transactions) and attack patterns that were analyzed by the Arkose Labs Fraud and Abuse Prevention Platform between April 1, 2019 and June 30, 2019.

For more information, please visit: