The Rise of the Cyborg: Arkose Labs’ Q2 2021 Fraud Report Shows Increase in Human-Bot Hybrid Attacks


Data from the Arkose Labs Global Network shows that humans are being deployed along with automation at much greater frequency in order to carry out human-bot hybrid attacks. Fraudsters are continuously innovating and targeting new avenues with increased sophistication, which means businesses must be more vigilant than ever before in their fight against fraud.

The number of users in the digital world increased exponentially during 2020, allowing fraudsters to hide more easily and exploit business networks to execute attacks. Now, while the world begins to slowly inch towards recovery, fraudsters are adapting to the new normal and are improvising their attack techniques. Our 2021 Q2 Fraud and Abuse Report uncovers trends that can inform businesses of upcoming threats and help them take proactive action to adequately protect themselves and their customers. Here’s a look at some of the top trends from Q1 2021:

Attack rate dropped from Q4 2020

There was no difference between the way 2020 ended and 2021 began – the attack levels were consistently high. This, however, changed as the quarter went on. The suspicious traffic rate was 30% at its peak but dropped off to 17% by the end of Q1 2021.

A new face of fraud

A section of people who faced financial hardships due to the pandemic began dabbling in fraud and it quickly became a fallback career for them. These are the people who took to fraud out of desperation but got lured by the profits of the ‘profession’ and continue to engage in fraudulent activities – especially in activities like fake reviews, disseminating false information on social media, creating fraudulent accounts to obtain new user sign-up bonuses on online gambling sites or using bots to reserve and buy in-demand items — such as new video game consoles or limited-edition sneakers — to resell at a profit. This ‘new face of fraud’ has now become a part of the fraud ecosystem and is difficult to detect or stop.

Diversification of attack points

Unlike many previous quarters where the majority of attacks were focused on logins and sustained credential stuffing attacks, Q1 2021 saw a diversification of attacks across use cases such as spam, information scraping, fake reviews, in-game abuse, inventory hoarding, and bot-driven API abuse. Attacks on logins remained high at 45% of all attacks; however, there was also a significant increase in payment-related attacks and spam and abuse. Payments attacks rose 27.6% compared to Q4 2020 whereas there was a 36.1% increase in abuse.

Hijacking IP addresses

Bad actors are resorting to hijacking trusted IP addresses to carry out attacks and avoid detection. They often hijack IPs from a geography that is not typically known for fraud attacks, such as North America.

With an increase in the number of smart devices and IoT, there has been a proportionate increase in the number of new IPs created, enabling fraudsters to exploit them. They abuse the Border Gateway Protocol (BGP), the standard routing protocol of the internet, to reroute traffic, compromising the routing tables and taking over IP addresses.

Rise in human-driven fraud and human-bot hybrid attacks

According to our 2021 Q2 Fraud and Abuse Report, there was a marked increase in human-based attacks in Q1 2021, which once again underscores the crucial role fraud farms play in executing attacks. As compared to Q4 2020, the volumes of human-driven attacks doubled in Q1 2021, with a distinct spike during the middle of the quarter. This has led to the increasing relevance of ‘cyborg’ attacks — with fraudsters deploying a mix of bots and fraud farms to successfully execute human-bot hybrid attacks.

Retail companies saw human fraud rising in payment attacks in Q1 2021. However, it was the tech and media industries that were the worst affected, experiencing 40% and 32% human-driven fraud, respectively.

Encompassing dating, social, and streaming sites, media companies are often victims of human-driven fraud and abuse, where fake accounts on dating and social media sites are used to send phishing messages or romance scams to con unsuspecting good users. This is one of the reasons behind the drastic increase in fake new account fraud in this sector in Q1 of 2021. Although streaming companies did not witness high attack levels, they faced unique challenges in extending security to a variety of smart devices that are now used to consume streaming content.

Rise in malicious mobile traffic

There was a 43% increase in mobile attack rate in Q1 2021 compared to the previous quarter, with a focus on login and new account registration. There was a higher level of fraud originating from mobile devices – up to 28% of all attacks compared to 19% in the previous quarter.

Gaming, unsurprisingly, was the top sector targeted by mobile-based attacks due to mobiles being the most popular channel for gaming. This bodes well for fraudsters as they can easily spoof mobile devices and hide their tracks by simply purchasing not only IP addresses from numerous websites, but also the associated mobile device fingerprints. The overall attacks from the mobile channel in Q1 2021 increased to 32% from 19% in Q4 2020, with nearly 97% of the attacks being bot-driven. Login remained the top attacked touchpoint.

Deploy effective fraud defense for long-term protection

Fraudsters are quick to manipulate situations and maneuver their resources to sharpen their attack techniques. Add to this the new fraudsters – a byproduct of financial hardships due to the lockdowns – who never engaged in fraud before, and we have an expanding ecosystem of cybercrime complete with toolkits, expertise, suppliers, fraud farms, and much more. This ecosystem can power attacks that can damage businesses and their users. Therefore, it is imperative that digital businesses deploy effective fraud defenses that can safeguard their business and customer interests long-term.

Arkose Labs is a trusted partner for leading global brands in protecting them long-term against evolving fraud. The combination of dynamic risk assessment and adaptive, step-up enforcement challenges erodes the profitability of attacks by wasting the time, effort, and resources of the attackers. This enables businesses to stop bad actors right at the entry gates, without unnecessarily creating friction for authentic users.

To get more insights on the biggest fraud trends of Q1 2021 and actionable advice on how to fight fraud effectively, please download your copy of the 2021 Q2 Fraud and Abuse Report now.
