2021 State of Fraud Report focuses on rising credential stuffing, account takeover, and fake new account attacks
SAN FRANCISCO–(BUSINESS WIRE)–Arkose Labs, a leader in fraud prevention and account security, released data today detailing fraud attack trends as seen over the first half of 2021. The 2021 State of Fraud Report found that fraudsters are increasingly focusing on digital accounts, whether that is by compromising existing user accounts or creating fake new accounts to commit fraud. The report also found that attackers are leveraging fraud farms and mobile devices to increase their ability to mimic the way consumers interact today. As mobile continues to be a more predominant channel for consumers to repeatedly access and interact with their favorite platforms, fraud is following suit to blend in with “normal” consumer behaviors.
“Whether they are taking over existing user accounts, or creating fake accounts for a variety of purposes, fraudsters expertly disguise themselves as legitimate users to abuse and monetize digital accounts”
Additionally, the report indicated that attacks against logins and registrations are not always independent. More than ever, fraudsters are attacking both of these digital touchpoints, which makes ensuring digital account integrity more vital than ever for businesses.
“Whether they are taking over existing user accounts, or creating fake accounts for a variety of purposes, fraudsters expertly disguise themselves as legitimate users to abuse and monetize digital accounts,” said Kevin Gosschalk, CEO of Arkose Labs. “With customer-centricity vital for success in this digital world, businesses must enable a seamless account login or registration process, while still being vigilant at monitoring these touchpoints as the starting points of fraud.”
In early 2021, the Arkose Labs team uncovered attacks which first centered on the registration flow, followed immediately by an attack on logins. A declined registration can validate if the account exists already, leading the bad actor to pivot to an account compromise attack. As cybercriminals deploy these multi-pronged strategies, platforms must have an adaptable approach that protects both account entry points.
Additional highlights from the report include:
- Surge in New Account Fraud – Fake new account registration comprised over one-third of attacks detected in 2021, an increase of over 70% from the end of 2020. Fake accounts contribute to a wide range of in-platform abuse, such as spam, phishing and info scraping.
- Prevalence of Credential Stuffing – With stolen credentials and sophisticated tools at their fingertips, fraudsters are continually profiting from high-volume credential stuffing attacks and getting through standard defenses. Credential stuffing accounted for 29% of all attacks across the Arkose Labs network.
- The Maturation of Mobile – 50% of all digital traffic (good and bad) originated from a mobile device, up from 35% in the second half of 2020. The mobile attack rate was 24%, meaning businesses must be increasingly aware of attacks originating from mobile devices.
- Increase in Human-Driven Attacks – The first half of the year delivered a 6x increase in the human-driven attack rate vs. bot attacks. This is part of a growing trend towards hybrid and human-assisted attacks at scale.
- New Attacks out of Asia – In addition to high activity in known fraud countries of origin, such as Russia and Vietnam, China and India are back on the map as top attacking countries. Asia also had the highest percentage of human fraud farm attacks, with 60% of all such attacks originating from Vietnam and China. This illustrates this region’s importance to fraudsters in finding human labor to deploy to supplement automated attacks, or to carry out tasks that require more nuance than bots can currently manage, such as sending phishing messages on online dating scams.
“Fraudsters continue to diversify the nature of their attacks, as well as attack touchpoints,” said Vanita Pandey, Chief Marketing Officer, Arkose Labs. “It’s imperative that businesses protect the full digital perimeter of user touchpoints and closely monitor any signs of suspicious activity.”
The 2021 State of Fraud Report is based on actual user sessions and attack patterns that were analyzed by the Arkose Labs Fraud and Abuse Prevention Platform from the first half of 2021. These sessions, spanning account registrations, logins and payments from financial services, ecommerce, travel, social media, gaming, and entertainment were analyzed in real-time to provide insights into the evolving fraud and risk landscape. Unsophisticated bot attacks don’t result in a user session and thus have not been included in this report. The report focuses on attacks from fraud outlets that combine state-of-the-art technology with stolen identity credentials and human efforts.
To access the full Report, please click here.
About Arkose Labs
Arkose Labs bankrupts the business model of fraud. Recognized as a 2021 Cyber Defense Magazine “Hot Company in Fraud Prevention”, its innovative approach determines true user intent and remediates attacks in real-time. Risk assessments combined with interactive authentication challenges undermine the ROI behind attacks, providing long-term protection while improving good customer throughput. Arkose Labs is based in San Francisco, Calif., with offices in Brisbane, Australia and London, UK. For more information, visit www.arkoselabs.com or on Twitter @ArkoseLabs.