Fraud Prevention

Sweatshops are Powering the Rise of Human-Driven Fraud

August, 19, 20204 min Read

Human-driven fraud is on the rise as fraudsters 'hire' sweatshop-like malicious humans to engage in fraudulent activity on their behalf and help them launch attacks at scale. Fraudsters employ human sweatshops for attacks that need more nuanced human behavior, which also makes these attacks difficult to detect and stop.

Fraudsters are in the business of cybercrime for financial gain. They orchestrate strategic attacks with carefully calculated measures to maximize the exploits in the least possible time. This includes maneuvering resources to scale attacks. Automation is a cost-effective method that enables fraudsters to achieve scale quickly. However, when bots are stopped in their tracks, fraudsters shift to human-driven fraud, where human sweatshops enable fraudsters to launch attacks at scale.

Fraudsters hire sweatshops to launch attacks at scale

Although some advanced bots can mimic humans closely and appear legitimate, they fail when a higher level of human interaction is required. Fraudsters 'employ' human sweatshops in such situations that demand more nuanced human interaction. In fraud parlance, human sweatshops refer to large groups of low-wage workers, who work for fraudsters to launch attacks at scale. Monetary income and consistent activity are the incentives that pull human sweatshops to engage in human-driven fraud.

Fraudsters, often find cheap human sweatshops-like labor in countries including the Philippines, Venezuela, Vietnam, and Thailand. The hourly wages in these regions are low and it makes economic sense for fraudsters to get humans from these regions to manually drive fraud.

Recommended Blog: Coronavirus Special Report: The Impact on Fraud Sweatshops?

Human-driven fraud continues to soar

Human sweatshops are usually hired to steal credentials, click on links, as well as for account takeover, new account registration, and disseminating spam. Fraudsters give these human laborers a target, wherein, they must complete the assigned number of attacks in a given duration. This is how fraudsters ensure achieving scale in an attack.

Human-driven fraud is on a steady rise, although automated attacks still constitute the bulk of all attacks. Our Q3 2020 Fraud and Abuse Report reveals that fraud in Q2 2020 was more human-driven and registered the largest proportion of human fraud over the last four quarters at 41%. Human-driven fraud, particularly, stung technology platforms (57%), retail (20%), and online gaming (41%) in Q2 2020. This only means fraudsters are augmenting their attacks by outsourcing fraudulent activity to human sweatshops.

Recommended Blog: How Machines Are Set to Conquer Legacy CAPTCHAs

Look beyond mitigation and pure data-driven solutions

Detecting human-driven fraud is tricky. Numerous and frequent data breaches have provided fraudsters with verified consumer details, which have been used to corrupt digital identities at scale. Fraudsters share these details with human sweatshops to impersonate genuine customers. Combine this with fluctuating digital behavior of genuine customers, which causes a medley of signals that do not give clear 'trust' or 'mistrust' signals. In fact, human sweatshop laborers may give out 'trust' signals to fool purely data-driven fraud solutions into allowing them access to the business network.

What then is the best way to stop human sweatshops from causing havoc on businesses? It is clear that pure data-driven solutions and point solutions cannot effectively stop human-driven fraud. These motivated laborers do not give up until they can circumvent these fraud prevention mechanisms. There are established sweatshops that can be tied back to certain organizations. However, this is not always the case, as there are unknown sweatshops at work too. In such a situation, a fresh approach to tackling human-driven fraud is needed. An approach that increases the efforts and dilutes the returns.

Stop human-driven fraud AND maintain user experience

At Arkose Labs, we use context-based 3D puzzles to block human sweatshops. Arkose Detect and Arkose Enforce are the two components that power our fight against human-driven fraud. Arkose Detect assesses and assigns a risk score to every user. It uses device and browser intelligence, canvas fingerprint, completion time, solve rate, and a host of other parameters to distinguish between a true user and a malicious human sweatshop.

This intelligence informs Arkose Enforce—the challenge-response mechanism—to step-up the complexity of the 3D puzzles for malicious humans. Whether it is by defining the number of rotations allowed or the number of attempts to solve an Arkose MatchKey challenge, the challenges are progressively made harder to solve. This increases the time and resources needed to clear these Arkose MatchKey challenge at scale. When the investments mount as compared to the returns from the attack, the financial viability of the attack is ruined and the business of fraud bankrupted. This forces fraudsters to give up and move on.

Recommended Download: Arkose Enforce Solution Brief

Arkose Labs' integrated, long-term approach is helping global businesses use targeted friction to effectively fight the menace of human-driven fraud while keeping user experience at the forefront. To learn more about Arkose Labs' approach to tackling human-driven fraud, click here