Fraud Prevention

Human-driven Fraud Attacks Rose 90% in Last Six Months

February 26, 20204 min Read

human-driven fraud attacks

fraudRise in human-driven fraud attacks is testament to fraudsters' willingness to play a long game and implement multi-step attacks to hide fraudulent intent

Digital transformation has opened up multiple attack vectors which fraudsters are exploiting in every possible manner to maximize exploits. Fraudsters adapt their strategies according to the economic dynamics at play, a fact corroborated by the latest Arkose Labs Q1 2020 Fraud and Abuse Report.

The Q1 2020 Fraud and Abuse Report reveals a major spike in human-driven attacks during Q4 2019 which rose a whopping 90% over the previous six months compared to automated attacks which registered 25% growth during the same period. This change of attack pattern manifested across geographies and industries as well.

Shift in tactics to maintain ROI

Fraudsters leverage the connected cybercrime ecosystem to shift their tactics in response to elevated corroboration across businesses. This is especially true in the busy commercial periods such as Q4 when digital commerce and consumer activity are at peak levels. An increased focus on identity proofing—especially during heightened commercial activity—means less success rate for automated attacks. Fraudsters, therefore, turn to human-driven attacks to maintain the return on investment (ROI).

Increase in sweatshop-driven attacks

The Report further investigates into the mechanics of attacks originating from automated bots, humans and ‘sweatshops,’ which represent large groups of low-paid workers employed to carry out attacks or make fraudulent transactions on behalf of fraudsters. Arkose Labs finds that fraudsters use a blend of automated and human-driven attacks for advanced, multi-step attacks in an attempt to evade defenses, especially during the high online traffic period. There is a marked increase in sweatshop-driven attacks during this period—50% higher than in Q2 2019—as fraudsters look to blend in with genuine traffic.

Outsourcing keeps costs low and profits high

Arkose Labs' deep-dive investigation into 1.3 billion user sessions reveals fraudsters tap into human farms from countries that help them keep the costs low and profits high. The Arkose Labs Report reveals that while the majority of attacks originating from the US and the UK were automated, there was a marked growth in sweatshop-driven attacks from Venezuela, Vietnam, Thailand, India and Ukraine. Human-driven fraud attacks from the Philippines, Russia and Ukraine almost tripled as compared to Q2 2019. This outsourcing of activity to human sweatshops allows fraudsters to augment their attacks and cause a surge in fraud, especially in industries such as online gaming and social media.

Maximum attacks on social media platforms

Social media account registrations and logins were under siege during Q4 2019, registering the highest attack rates. The Report reveals that every two in five login attempts and every one in five new account registrations on social media platforms were fraudulent with more than half of these attacks being human-driven. Fraudsters target this customer touch-point hoping to monetize it downstream.

Online gaming witnesses sophisticated attacks

The online gaming industry witnessed sophisticated attack patterns, where fraudsters used human-driven attacks for new account registration and logins. Attacks on gaming platforms rose 25% over the previous quarter. Fraudsters leveraged gaming applications to use stolen payment methods, steal in-game assets, abuse auction houses and disseminate malicious content. Using bots, fraudsters created online gaming account profiles and sold accounts with higher levels, assets, and in-game currencies.

In it for a long haul

A prolific rise in human-driven fraud attacks is testament to fraudsters' willingness to play the long-haul and implement multi-step attacks to hide their fraudulent intent. Fraudsters are now investing more time and resources in their attacks. They prepare the attack ground months in advance using low-cost, automated attacks focused on testing and validating credentials. As long as businesses tolerate fraud losses as a 'cost of doing business' and fraudsters find opportunities to make money, fraud will continue to plague digital businesses.

Zero tolerance approach to fight fraud

The only sustainable approach to fighting fraud is to adopt zero-tolerance to fraud and erode the economic incentives associated with fraud. Arkose Labs helps global brands protect their businesses against fraud and online abuse by making the attacks financially non-viable. Arkose Labs believes digital businesses must prioritize in-depth profiling of activity across all customer touch-points and combine digital intelligence with targeted friction to render large-scale attacks unsustainable.

To access the complete report for industry-wise insights, click here.