Fraudsters mobilize their resources to execute attacks according to the target industry. Following on from 2020, they followed the increased user traffic to maximize their exploits with minimum resources in Q1 2021 as well. Below are the industry-specific attack trends from the Q2 2021 Fraud and Abuse Report released by Arkose Labs.
Fraudsters are innovative and quick to adapt to new and changing circumstances. They took advantage of the new normal and the quarantines to evolve their attack techniques as well. In addition to the seasoned fraudsters, people who had never previously dabbled in fraud also tested the fraud waters during the pandemic and realizing there was money to be made, are continuing with fraud in small amounts.
Depending on the target industry, fraudsters maneuver their resources to maximize their profits with the least possible investments. Here’s a snapshot of industry-wise attack trends from Q1, 2021.
Retail was the most highly attacked industry
The beginning of 2021 witnessed a shift of attacks from online gaming to online retail, although it was highly attacked towards the end of 2020 due to Black Friday and year-end holiday shopping season. A little more than 25% of digital traffic to retail sites in Q1 2021 was identified as malicious. This indicates that during 2020, there was a rise in ecommerce traffic — especially the digital debutants who were forced online by the pandemic — and it has now become the new norm.
2021 State of Fraud and Abuse in eCommerce and Travel
Financial services faced sustained attacks on loan and credit applications
Financial services continue to see a steady stream of fraud attacks targeting new loan and credit applications. This is a trend that continues on from 2020 when fraudsters flooded digital banking channels to take advantage of government programs designed to help businesses (such as PPP loans), as well as using synthetic identities to take out personal loans with no intention of repaying them.
As fraudsters realized the success they could have with loan application fraud during the initial stages of the pandemic, they have continued to target this area. Financial firms also saw an 11.2% increase in login attacks in Q1 compared to Q4 of 2020, as fraudsters increasingly targeted valuable financial accounts with ATO attacks.
Fintech Neobank Protects User Accounts with Arkose Labs
Attacks on gaming platforms were evenly distributed
In 2020, online gaming was the most attacked industry. It saw high rates of mobile attacks across all touchpoints during Q1, 2021. Overall, attacks from the mobile channel increased from 19% in Q4 2020 to 32% in Q1 2021. These attacks are still bot-driven, with more than 97% of attacks being automated. While login remained the top attack touchpoint in Q1 2021, there were more evenly distributed attacks throughout this quarter than previously seen, with less sustained ATO and credential stuffing attacks and a more normalized attack pattern. Read more about the state of gaming fraud in this Q1 Fraud and Abuse Report.
Tech platforms: Variety of attack types and monetization
Tech platforms see a bit of everything when it comes to fraud attacks, as criminals utilize a variety of tactics to launch and monetize attacks in this industry. In Q1 2021, there was a noticeable spike in human-driven attacks on the new account sign-up flow. Fraudsters would sign up for fake new accounts on cloud storage and collaboration platform to get free promotional server time. They would then use the free server time to mine bitcoin or other cryptocurrencies. With a human attack rate of more than 40%, tech platforms see some of the highest ratios of human-driven attacks, again reflecting the more intricate and varied ways that fraudsters target these platforms.
Media companies facilitate human-driven scams
Media companies — defined as dating, social, and streaming sites — are often used to launch human-driven fraud and abuse. For example, human fraudsters set up fake accounts on dating and social media sites to then send phishing messages or romance scams to unsuspecting good users. This is a big reason why fake new account fraud increased drastically in Q1 2021 for this sector. The attack levels for streaming companies are not so high, but they face unique challenges in extending security to a variety of smart devices customers regularly use to consume streaming content.
Adopt a fresh approach to deter fraud
During 2020, not only was the economy devastated but businesses were also operating in a highly hostile attack landscape with the volume of fraud attacks only going northward. These attack trends have continued in 2021, which means businesses need to fortify their defenses to overcome these heightened threats. However, legacy or point solutions, and even purely data-driven fraud defenses cannot stand them in good stead when the attacks are evolving rapidly and fraudsters executing their attacks strategically.
Businesses need a fresh approach to fighting complex fraud attacks and focus on deterrence rather than mitigation. The Arkose Labs solution goes beyond risk scores, behavioral analysis, and mitigation, to combine real-time threat assessment with enforcement challenges. It bankrupts the business model of fraud by wasting the attackers’ time, effort, and resources to eventually force them into giving up and moving on, all the while allowing seamless user experience for authentic users.
To learn how Arkose Labs uses targeted friction according to industry-specific attacks and deters attackers, please book a demo now.