Snap Inc. the enterprise that owns the immensely popular Snapchat app, was faced with malicious entities on its platform and expansion of SMS Toll Fraud. Snap partnered with Arkose Labs and saw immediate benefits, including increased protection for its 300+ million users and a dramatic reduction in fake accounts and SMS toll fraud.
Want to learn more about Snapchat’s partnership with Arkose Labs? Check out our video interview now!
How Snapchat Replaced a Leading Bot Mitigation Solution to Dramatically Reduce Fake Accounts
Social Media Enterprises are Targeted by Cybercriminals
In 2021, Arkose Labs research found that digital media companies, including social media platforms, represent a third of attacks in the U.K. This amounted to an 88% increase since 2020.
One of the reasons that social media platforms are so heavily targeted by cybercriminals is the sheer size of the attack surface, with each individual account being a potential avenue for an attack. The number of social media users is projected to reach nearly 6 billion by 2027.
Treasure troves of personal information, and account takeovers (ATOs), are a huge motivator for cybercriminals. Once a cybercriminal or fraudster successfully takes over an account, they can use it for downstream attacks, which can include:
- sending spam and phishing messages
- extorting or laundering money
- committing identity theft and fraud
One type of attack that is a growing problem is SMS toll fraud, which is sometimes referred to as International Revenue Share Fraud (IRSF) or SMS pumping. This type of fraud occurs when cybercriminals abuse one-time passwords (OTP) sent via SMS text messages to mobile devices. Enterprises pay for these SMS messages, and while non-premium messages are inexpensive, premium rate numbers from countries like Iran,Russia, or Vietnam, are extremely costly and lead to financial losses.
These charges can add up (in the millions of dollars for some) for enterprises who rely on an OTP as part of their account registration and log-in flows.
Long story short: Cybercriminals will continue targeting social media platforms and commit SMS toll fraud as long as they continue to benefit financially. If those economic drivers are unavailable, then they will look elsewhere. Enter Arkose Labs.
Why Snapchat Turned to Arkose Labs to Assist with their Cybersecurity Strategy
From very early on in our partnership, we found that Snapchat’s goal was to solve for the end user in mind. According to Snap Engineering Manager Nick Reva – who works in Security Engineering – this is aligned with Snap’s core values of “Kind, Creative, and Smart” and a belief that Snapchat employees feel that they need to be “allies to our user base and to really protect them on the internet […] without being bothered by bad actors.” This is a tall task for any security team, especially considering that Snapchat users amount to more than 300 million people. In fact, Snapchat reaches more than 75% of 13 to 34 year olds in over 20 countries.
These numbers alone can be challenging for security teams, even more so when you consider the amount of cybercriminals and fraudsters constantly looking to leverage the platform for their own malicious purposes, like stealing sensitive information.
While predominantly an app, Snapchat also has a web experience that enables users to unlock their accounts, access their data for GDPR, or purchase ads, which is a key revenue driver for the company. Snapchat was looking to combat the rise of bad actor account creation on their web experience.
Since implementing the Arkose Labs solution at the top of its registration and log-in flows, the amount of cybercriminals and malicious bots attempting to take advantage of Snapchat’s platform and its legitimate users have been drastically reduced.
Arkose Labs Helped Snapchat Reduced SMS Toll Fraud Attempts
Like many other enterprises, Snap uses SMS messages for account verification and account challenging. This gives cybercriminals an avenue to conduct IRSF or SMS Toll Fraud as a way to turn a quick profit. If an account is created and a phone number is used – and Snap sends that number a message or OTP – they will pay for that message. As bad actors increasingly rely on premium numbers – like those originating from Russia or Iran, for instance — these SMS messages can become expensive, especially when done at scale. By introducing Arkose Labs, Snap was able to stop malicious bots and cybercriminals at the account creation stage, which negates the need to send a SMS message.
Stopping these fraudulent SMS-related charges allows Snapchat to experience real, long-term savings.
“In these recessionary times we have to be thoughtful of cost,” Reva says.“And it’s my hypothesis that the organization can significantly reduce sign-up verification-related SMS abuse by putting Arkose Labs on that funnel for our flagship product, Snapchat.”
Arkose Labs’ Targeted Friction Puts a Stop to Credential Stuffing
Regarding credential stuffing attacks, cybercriminals will often take lists of credentials that have either been stolen, leaked as part of a data breach, or purchased on the dark web. Using these credentials, cybercriminals will then attempt to use them to log in to Snapchat. Once they have been able to log into an unsuspecting user’s account, they can use that account for downstream cyberattacks and additional fraud.
Using Arkose Labs’ solution, specifically Arkose MatchKey challenges, allows the Snapchat team to introduce friction to suspected bad actors – both human and non-human. These real-time challenges make it difficult for cybercriminals to use automation (bots and botnets) to solve and become time consuming for humans to enter individual username and password credentials at scale.
Ultimately, Arkose Labs disincentivizes cybercriminals from conducting attacks. As cybercriminals are looking to turn a profit quickly, the additional complexities of the friction introduced by Arkose Labs makes a bad actor invest more time, money, and additional resources into their attack. Once they realize they will be unable to make a quick buck, they will look elsewhere for their attack.
Looking to Put a Stop to Cybersecurity Threats? Reach out to Arkose Labs
While we are proud of the solutions we provide at Arkose Labs, we are also constantly looking to develop active partnerships and first-rate customer service with the enterprises that work with us. This partnership was noted by the Snapchat team. “ [On Arkose Labs’ security operations team] Above all, these people really care. They’re really interested in our success. I feel like it’s just an extension of my team[,]” said Reva. If you would like to watch the full interview with Snapchat’s Nick Reva, please click here.
For more information on how Arkose Labs can partner with your enterprise to mitigate the multitude of cyber threats it faces, schedule a meeting with us today! If you would like to quantify how Arkose Labs can help your enterprise maximize its long-term savings by investing in a solution, please use our free Cybersecurity ROI calculator.