Human-driven fraud, where malicious humans engage in fraudulent activities, doubled in volume during Q1 2021 over the previous quarter. Technology platforms and Media companies were the worst affected by human-driven fraud at 40% and 32%, respectively.
It is estimated that globally business lost nearly $42 billion to fraud in 2020 and these costs continue to increase every year. Fraudsters are in the business of making money and they continue to innovate and deploy tools and strategies with ever-increasing sophistication. They marshal their resources and deploy bots, fraud farms, or a combination of the two, to maximize profits with the least possible investments.
Human-driven fraud volumes doubled in Q1 2021
In Q1 2021, human-driven fraud volumes doubled from Q4 2020. These attacks are generally carried out by fraud farms, which refers to organised operations of workers that are deployed to attack at scale and circumvent anti-bot defenses. An increase in human-driven fraud in Q1 2021, therefore, indicates the continuing importance of fraud farms in executing complex attacks. It also shines the spotlight on the relevance of so-called cyborg attacks where fraudsters deploy a mix of bots and fraud farms to successfully execute attacks.
Technology platforms witnessed a noticeable spike (40%) in human-driven fraud especially on new account creation flow. Fraudsters created fake new accounts on cloud storage and collaboration platforms to get free promotional server time, which was abused to mine bitcoin or other cryptocurrencies.
Human-driven fraud on media companies – encompassing dating, social, and streaming platforms – rose 32% with a drastic increase in fake new account creation. These fake new accounts are often used for romance scams on dating platforms and to send phishing messages on social media sites.
There was also a spike in human-driven payment attacks on retail companies in Q1 2021.
Most human-driven fraud attacks originated in North America
The majority (38%) of human-driven fraud in Q1 2021, emanated from North America, primarily due to the attacks on social media platforms. Malicious humans abused these platforms to send phishing messages and links to unsuspecting users to place malware on their devices or extract personal information that could be resold later.
Human-driven fraud find a supplement in the new face of fraud
In addition to human-driven fraud executed through fraud farms, there is an emerging new face of human-driven fraud. This includes the people who dabbled in fraud out of financial hardships during lockdowns, but found it profitable and have continued with it instead of returning to their legitimate work. This new segment of fraudsters, which usually engages in activities like fake reviews, disseminating fake information on social media, and creating new fraudulent accounts for bonus abuse, is becoming difficult to detect and stop as they are regular users that have now begun engaging in fraud.
Further, fraudsters are rerouting Border Gateway Protocols to hijack legitimate IPs and launch DDoS attacks on websites or to spoof IPs to appear as good traffic and fool fraud defense measures. Fraud-decisioning that relies on IPs can take a beating as signals increasingly fall in the gray area and can make it difficult for businesses to accurately identify bad actors from good users.
As human-driven fraud, supplemented by people who refuse to give up on fraudulent activities, continues to increase, it becomes imperative for businesses to adopt a fraud defense approach that fortifies vigilance at the entry gates. When fraudsters are unable to sneak into the business network, they cannot exploit the business or its users.
Shut the entry gates at attackers
Arkose Labs helps global brands to accurately identify bad actors and shut the entry gates at them without disrupting the user experience for genuines users. The Arkose Platform does not block any incoming user. Instead, it presents 3D challenges to suspicious users based on the risk assessment informed by its dynamic risk engine. Good users often pass through unchallenged, while bots fail instantly. Persistent malicious humans are continuously presented with adaptive, step-up challenges to sap their time and resources, ultimately making the attack financially non-viable to wean away the attackers.
By ensuring bad actors are kept out of their networks, digital businesses can increase good user throughput and focus on growing their revenues and enhancing user experience. To learn how Arkose Labs helps digital businesses stop human-driven fraud to safeguard their business and customer interests, please book a demo now.
Arkose Labs recently hosted a webinar entitled ‘Fraud in 2021: 6 Trends Fraudsters Don’t Want You to Know’ to discuss insights derived from Arkose Labs’ 2021 Q2 Fraud and Abuse Report. Our experts analysed proprietary data from the latest fraud attack trends as seen on our global network, which encompasses clients in nearly every industry worldwide, including financial services, gaming, media, and more. To access the on-demand version of the webinar, please click here.