The Arkose Labs Q4 Fraud and Abuse Report provides new insight into the socio-economic drivers behind increasing fraud attack rates, with 14% of all transactions on the network identified as fraud.
The year 2019 is shaping up to be the biggest on record for data breaches with long-lasting repercussions for digital businesses being felt far and wide. The digital economy has made the world more connected than ever before, but this is allowing cybercriminals to take advantage of disparities in global wealth to turbo-charge their fraud operations.
The growth of cybercrime has created a parallel ecosystem of businesses that support this activity and shares in the profits. An array of services—identity farms, click farms and money mule networks—have sprung up to support and fuel large scale, organized fraud.
Enabling fraudsters to tap into this support system, without cutting into profit, are disparities in wages and cost of labor, differing costs of living and the comparative purchasing power of different currencies. These factors mean that fraudsters have access to cheap resources and services provided by individuals with high incentive levels to get involved in cybercrime.
As a result, the risk landscape is evolving faster than ever before and becoming increasingly complex. The Arkose Labs Q4 Fraud and Abuse Report is a deep-dive into the motivations, modus operandi, strategies, and business models of the fraudsters worldwide. Our analysis reveals that businesses are being targeted with more intense volumes of attacks.
The peak attack levels have grown by 25% over the last quarter, which can be attributed to the availability of fresh user data on the back of recent breaches. The impact of these breaches has translated directly into an increase in account origination and login attacks from emerging economies. Fraudsters are showing greater focus on defrauding the businesses and their users through fraudulent account registrations, account takeovers or payments using stolen credentials.
Spike in Human-Driven Attacks from Digital Sweatshops
Our report is based on an in-depth analysis of 1.3 billion transactions across a range of parameters. It closely investigates the mechanics of inauthentic attacks as they range from automated bots to human or sweatshop-driven attacks. Our analysis reveals that half the attacks from Russia and China are human-driven. This underscores the trend that while automated attacks still constitute the bulk of all attacks, the rate of human-driven attacks is growing—whether lone fraudsters, click farms or sweatshops. This is largely because the success rate of automated attacks is declining, and improved access to cheap human sweatshop resources..
The US emerged as the top attacker this quarter, while Russia, Venezuela and India emerged as the new hubs. Philippines and China registered a decline from the previous quarter, but they continue to have the highest number and percentage of human-driven attacks.
Arkose Labs' Attack Incentive Index
The Q4 Fraud and Abuse Report debuts our Attack Incentive Index (AII), which provides fresh insight into the economic motivation behind cybercrime in countries across the globe. The AII is based on the regional economic indicators combined with Arkose Labs’ data on known attacks.
When the incentive levels are higher, fraudsters have stronger economic drivers pushing them into fraud. They also have a greater propensity to invest more resources in an attack while still preserving the return on investment (ROI). The AII can, therefore, provide valuable insights into the effort fraudsters are willing to expend on attacks and can help businesses craft strategy around authentication and targeted friction.
Repercussions Across the Industries
The impact on this global cybercrime ecosystem is manifesting itself differently depending on the industry. Some key industry-specific trends are emerging, depending on the use case and potential for monetization. Fraudsters are experimenting with the best mix of human and automated attacks to evade defenses, while protecting profits.
Finance: This quarter, overall attack levels within finance grew 15%. The biggest growth came from human-driven attacks.
Technology Platforms: There was a huge spike in attacks on account registrations, both from automated bots and humans, this quarter. Account registrations were around nine times more likely to be attacks compared to login attempts.
Gaming: The attack levels for gaming grew 30% over last quarter. Most of the growth came from new account registration attacks, which grew over 70%.
Social Media: The overall attack rates fell on logins this quarter due to automated attacks. Human-driven attacks on logins, however, grew 15% over the last quarter. Fake account registration attacks more than doubled over the previous quarter.
Retail and Travel: This quarter the attacks on retail segments increased sharply, primarily fueled by access to fresh consumer data due to major data breaches. Account takeover attacks in retail and travel segments increased 30% compared to the previous quarter as companies increasingly look to encourage users to set up accounts and store payment details.
For more in-depth insights into the latest fraud trends and the impact on your industry, read the Arkose Labs Q4 Fraud and Abuse Report. Download your copy now.