Acceptance of the hybrid work model means more and more organizations are now relying on a number of digital tools and cloud-based platforms for collaboration. These platforms make it convenient for users to access information from anywhere and anytime; and are becoming popular.
The growing popularity of these enabling platforms and an increase in the number of users is attractive to bad actors, as they can find more opportunities to attack. Our research reveals that during the first quarter this year, bot attacks on technology platforms rose 25% over last quarter (Q4 2021).
Attackers Target Account Registrations and Logins
To attract new users and increase their consumer base, many technology platforms offer incentives such as cash, coupons, free server resources, limited period access to premium services and so on. These incentives are lucrative to bad actors as well, who create fake new accounts in hordes to exploit these rewards. In Q1 2022, fake account creation was the top attack vector for technology platforms with a whopping 97% of these fraudulent accounts targeting crypto mining.
Bad actors also resort to account takeover attacks. They use manipulated digital identities and stolen username-password combinations to take over the accounts of authentic users. They can then use the compromised accounts to disseminate spam, spread malware, and engage in phishing campaigns. According to our analysis, automated account takeover attacks were 30% higher in Q1 2022 than the average over the past three years.
reCAPTCHA Weakens Defenses and Slows Down Growth
Automated attacks, whether fake new account creation or account takeover, allow attackers to achieve scale and maximize returns at the least possible investment. However, they are also quick to mobilize resources, such as switching over to human click farms, when bots encounter typical defense mechanisms like Google reCAPTCHA.
Although businesses are making investments in fraud defense solutions, attackers have successfully managed to trump them by studying these solutions and devising new evasion tactics.
Technology platforms, working with legacy solutions such as reCAPTCHA, inadvertently risk blocking good users, which leads to lower conversion rates and a loss in revenues. This is because reCAPTCHA has failed to keep pace with the advanced capabilities that bots have now acquired, which renders it ineffective at bot detection and providing the level of security that today’s digital businesses need. On the contrary, because fraudsters have become adept at circumventing reCAPTCHA, fraud and security teams must spend more time on manual reviews, which is not only a waste of skills but also a waste of time on low-value work. Further, manual reviews delay the decisioning process causing frustration to consumers and erosion of brand equity.
How One Collaboration Platform Leveled Up with Advanced, User-Centric Fraud Defense
Today when fraud prevention technology has advanced manifold, technology platforms no longer need to settle for a trade-off between growth and security. Instead, they should deploy more user-friendly security measures that treat consumers differently from suspicious traffic. They need to move beyond one-size-fits-all authentication measures with friction reserved only for bad actors.
One of the most widely used business collaboration and sharing platforms was facing exactly the same situation where attackers created fake new accounts and launched account takeover attacks. The attackers abused the sign-up process for account enumeration. A series of attacks disrupted user experience and began causing revenue losses for the company. The company’s existing fraud defense solution – reCAPTCHA – failed to flag attacks; instead, it further damaged consumer experience with additional friction.
The company was, therefore, looking for a fraud solution that would put an end to the attacks without sacrificing user experience. A solution that would allow consumers to experience a seamless login and registration process, while keeping bad actors away. The company wanted to minimize friction for its consumers, improve conversion rates, and deliver frustration-free account security to build consumer loyalty.
Arkose Labs Reduced Consumer Intervention Rates by 70%
The company approached Arkose Labs and deployed our solution to experience visible results within a short span. Leveraging the smart detection capabilities of Arkose Detect, the company could accurately differentiate between good users, bots, and malicious human attackers. Real-time risk assessment informed the challenge-response authentication mechanism, which presented 3D puzzles to suspicious users.
Good users faced no impact on their experience, whereas bots and automated scripts failed instantly, owing to the puzzles being trained against the most advanced machine vision technology. Persistent malicious human attackers faced stepped-up friction in the form of more complex and frequent challenges. To clear this barrage of difficult challenges, attackers needed more time, efforts, and resources, which made the attack financially not worthwhile and forced them to abandon the attack.
As compared to reCAPTCHA, Arkose Labs challenged far less traffic and was more effective at protecting digital accounts of millions of consumers. Arkose Labs helped the company stop abuse of new account registrations and achieve greater resilience to account takeover attacks. The Arkose Labs solution also enabled the company to reduce intervention rates for consumers by 70%.
To learn how Arkose Labs protects technology platforms from the scourge of account takeover attacks and fake new registrations, while keeping consumer interests at the forefront, book a demo now.