Fraud Prevention

New Account Fraud Reaches Record Highs in Q3 Accounting for Nearly 70% of All Attacks

November, 23, 20215 min Read

New account registration was the top attack type during the third quarter of 2021. Attacks on registrations nearly doubled in Q3 2021, a four-fold increase compared to attack volume in Q1

Fraud attacks continue to get more sophisticated and more frequent. Fraudsters also continually change their attack tactics to stay one step ahead of businesses. That was evidenced from data analyzed on the Arkose Labs Global Network during Q3, where fake new account fraud spiked to never-before-seen levels.

As the Arkose Labs Q4 2021 Fraud and Abuse Report shows, fraud never sits still and never takes a day off. Businesses must be ever-vigilant and aware of the latest evolving threats. 

With that in mind, here’s a look at some of the noteworthy trends from the latest Arkose Labs fraud report.

Rise of the Machines

In Q3 of 2021, while overall attacks increased 15% compared to the previous quarter, bot attacks continued to wreak havoc on businesses, contributing to nearly 90% of all attacks.

Although in the last couple of years, there has been an increase in human-driven attacks, fraud has shifted heavily towards automation to help scale up attacks, which will likely increase further in view of the upcoming holiday season where bots will once again take the center-stage. This is because fraudsters target peak traffic periods to take advantage of this surge and blend in with good users. The last quarter of 2020 had seen more than 2 million bot attacks and we expect a similar or possibly higher attack volume this holiday season.

New Account Fraud

Given the surge in digital activity, businesses are inundated with fake new accounts disguised as legitimate users. There were 560 million attacks on registration flows on the Arkose Labs Network in the third quarter of 2021, constituting two-thirds of all attacks. Fake new accounts open up multiple monetizing options including promo abuse, application fraud, account validation attacks, synthetic identity farming, affiliate fraud, and spamming users with phishing attacks. As a result, these attacks are increasingly becoming a headache for IT executives.

Credential Stuffing

5% of all digital traffic on the web is a credential stuffing attack and there seems to be no let-up in these attacks as fraudsters look to capitalize on the exponential growth in the number of digital accounts around the world.

Credential stuffing attacks constituted 17% of all attacks on the Arkose Labs Network during Q3, which also explains an increase in the use of bots to automate credential stuffing attempts. Arkose Labs stopped more than 140 million automated credential stuffing attacks in Q3 of 2021 and introduced the first-ever $1 M credential stuffing warranty.

With more and more consumers using digital accounts for multiple reasons and the numbers further swelling during the holiday season, fraudsters have a far greater window of opportunities to attempt credential stuffing attacks and subsequently account takeovers. As a result, they have come to rely heavily on bots to test thousands of credential combinations in a short period of time.

With people resuming travel, fraud against travel companies has also resumed. An industry that witnessed nearly zero attacks during 2020, has once again become a hot target with attacks doubling compared to the first half of the year. The attack rate for the travel industry in Q3 was a whopping 53%, which rose by 80% over the previous quarter. This was largely driven by attacks on travel sites in the US that constituted 66% of all traffic on these sites.

As far as other industries are concerned, the finance sector witnessed 32% more attacks compared to the first half of the year and 91% of the attacks on technology platforms were driven by automation. The most attacked touchpoint in the media and streaming industry was login (at 60%) whereas registration was the most targeted touchpoint in the gaming industry.

Asia is Top Fraud Hub

Asia continues to remain the hotbed of fraud for both bot-driven and low-cost click farm attacks. China, Vietnam, and Indonesia were the top attacking nations during Q3; and nearly half of the attacks detected on the Arkose Labs Network emanated from China. These countries were followed by the United States and Russia.

Over 8 Million Attacks per Day During the Holiday Season

Fraud is on an upward trajectory and is expected to continue its northward march well into the holiday season. Based on our experience from 2020, we anticipate a 50% increase in the upcoming holiday season, as fraudsters will be looking to launch attacks more frequently in order to take advantage of the surge in digital traffic during this period. Businesses need to take proactive measures to step up their fraud defenses with solutions that can adapt to the latest attack techniques and scale up as needed.

We anticipate more than 8 million attacks per day during this year’s holiday season. It is, therefore, prudent to learn about the top attack trends and prepare your business to fight them with confidence. To learn more about the top fraud trends and how to safeguard your business and customer interest, please request a copy of the Arkose Labs Q4 2021 Fraud and Abuse Report.