Arkose Labs New Intelligence Report Reveals Mounting Economic Gains for Fraudsters, with “Wages” Spiking to $600,000 a month

9 min Read
top attack trends
  • Rookie fraudsters make approximately $20,000 a month, as ‘Cyber Kingpin’ wages reach more than $600,000 a month
  • Number of active fraudsters has increased tenfold since 2019
  • Nearly 33% of cybercrime losses come from online consumer account-based fraud attacks
  • Fintech, gaming, technology, and ecommerce companies are hyper-targeted industries where fraudsters have the potential to earn the most money
  • Top targeted companies can see up to 35% of traffic coming from human fraudsters  

San Mateo, Calif. (May 18, 2022)Arkose Labs, the global leader in fraud deterrence and account security, today released new insights, shining a light into the corners of the expanding global fraud economy.  Data in the Q2 2022 State of Fraud & Account Security report shows specific attack attempts skyrocketed, fraud “employment” increased tenfold, and fraud returns for the “Master Fraudster” can be 8X higher than salaries for CEOs leading legitimate companies. . 

“The ROI for cyberattacks is greater than ever, so fraudsters are willing to invest more energy in the right mix of tools and resources to be successful and turn profits,” said Kevin Gosschalk, founder and CEO of Arkose Labs. “Our intelligence shows that bot attacks are mimicking human behavior enough to evade security measures and leading to new monetization techniques. Evolving bot and human-led attacks increasingly target fintech, gaming, and technology companies. Simple automation is a thing of the past as attackers have proven to be quick learners and continue to find ways to sabotage businesses to increase their personal wealth.”

New Arkose Labs intelligence reveals key findings about hot fraud attack trends, which increase the likelihood of growing profits for fraudsters:

  • Profit-Driven Attacks Threaten Trust and Account Security: The high monetization potential of account compromises and fake accounts makes phishing and credential stuffing the attack patterns to watch. Automated account takeovers (ATOs) were 30% higher in Q1 compared to the two years prior. Insights from the Arkose Labs Global Network™ show that 1 in 4 accounts created in the first quarter of 2022 were fake, leading to promotion and free trial abuse. 
  • Bots are Intelligent & Efficient: The first quarter saw consistently higher bot-driven attacks than the average across all of 2021, driven by large-scale scraping and credential stuffing attempts. Scraping attacks increased by 60% in Q1, while 4% of all traffic was a credential stuffing attempt. Bot attacks have three times more complex attack signatures today than in years prior, creating greater detection complexity for businesses. 
  • Low-and-Slow Human-led Attacks Prevail: Many bot threats are being augmented with human-led efforts. These attacks are far more persistent and targeted, and go to greater lengths to attempt to stay under the radar. 
  • Industry-Specific Attacks on the Rise: While every industry saw massive attacks, each industry was targeted in different ways and by varying attack patterns.
    • Fintechs saw 2.5 times more attacks in the first quarter compared to the two years prior. And 75% of attacks aimed at fintech companies were zeroed in on consumer logins.
    • Gaming companies experienced 260% more attacks, including a 85% increase in fake account registrations, compared to Q4 2021. 
    • Technology companies were most impacted by fake accounts, attempting to monetize promotions and free trials. 
    • eCommerce/retail companies saw 30% more attacks in Q1 than two years prior and experienced a 65% increase in fake accounts over Q4 2021, primarily targeting coupon abuse. Account takeover attempts equal 80% of attacks aimed at eCommerce/retail companies..
    • Travel companies experienced an upsurge in scraping attacks aimed at obtaining inventory information, indicating corporate espionage in this sector is expanding. 
  • Fraud in the Metaverse: Attacks on metaverse companies increased 40% since Q4 2021. Unlike automated bot attacks, fraudsters put greater investment into metaverse attacks, requiring more human capital to execute phishing, spam, and scams effectively. Targeted human-led attacks, which require a higher level of sophistication, make up nearly all attacks against metaverse companies. Metaverse companies experience 68% more low-and-slow human-led attacks than non-metaverse companies.
  • Fraudsters Based in Asia Dominate Cyberattacks: 40% of attacks worldwide came from Asia, compared to 1 in 3 attacks originating in Europe and 1 in 5 attacks originating in North America. Within Asia, attacks from China and India increased 70% compared to Q4 2021. The top 5 attacking countries – US, India, China, Great Britain, Vietnam – contributed to over 60% of all actions in Q1. 

Nearly 33% of Cybercrime Losses Come from Online Consumer Account-Based Fraud

Cybercrime is big business. Cybersecurity Ventures estimates that the global cybercrime industry will reach more than $10 trillion by 2025.  In the U.S. the FBI Internet Crime Complaint Center calculated cybercrime losses equaled $6.9 billion in 2021, which represents the latest available data. Online consumer account-based fraud attacks contribute to that figure. In fact, consumer account-based fraud types reported to the FBI total more than $2 Billion, or 29% of the total cybercrime losses declared. 

Table 1:

Account-based fraud attacks tracked in the FBI Internet Crime Report
Confidence Fraud/Romance $956,039,740
Spoofing $82,169,806
Personal data breach $517,021,289
Tech support $347,657,432
Credit card fraud $172,998,385
Phishing/vishing/smishing/pharming $44,213,707
Denial of service: $217,981


Consumers’ online accounts are a major theater of action in cyber warfare because they tend to be easy entry points for fraudsters due to legitimate credentials (usernames and passwords) being readily available for sale on Dark Web networks. 

That’s a field day for individual fraudsters. Arkose Labs Chief Criminal Officer, Brett Johnson, notes he has observed people who fall into the “Rookie Fraudster” category earning wages of $20,000 a month by conducting first-party refund fraud, while people who fall into the “Master Fraudster” category can earn up to $600,000 a month, or $7.2 million annually. According to, the median CEO annual salary in the U.S. is a little more than $790,000. In comparison, Master Fraudster “wages” are 800% more than legitimate business leaders. 

Fraud Employment Outpaces Cybersecurity Jobs 

Cybersecurity may be the only industry that has had sustained zero unemployment for years. According to the (ISC)2 Cybersecurity Workforce Study 2021, 4.19 million people are employed in the cybersecurity industry globally – impressive but not enough, as 2.72 million unfilled jobs exist. The labor shortage in cybersecurity continues to put companies at risk, especially because the number of people entering cybercrime as a career is growing faster than companies can hire and train cybersecurity employees.  

Not only are fraudster “wages” increasing, as demonstrated in the above section, but job growth among fraudsters is rampant. According to Johnson, the number of career fraudsters has increased tenfold since 2019, more than outnumbering the 4.19 million cybersecurity workforce.

Table 2: 

Fraud Job Growth Based on Number of Members Active in Dark-Web Communities
Shadowcrew 2014 4,000 members
Alphabay 2017 240,000 members
Blackmarket 2019 1.15 million members


Arkose Labs has defined two primary categories of fraudsters, based on extensive observations of dark web communities and behavioral data from the Arkose Labs Global Network™. 

Table 3: 

Fraudster Categories Defined
Rookie Fraudster Individuals with little expertise leveraging the fraud ecosystem to make money fast
Uses marketplaces and messaging platforms to purchase bots-as-a-service and execute attacks at scale
Earnings potential: up to $20,000 per month
Master Fraudster Devise complex, multi-pronged attack strategy, using multiple tools scripted together alongside fraud farm workers
Willing to continually invest in resources and development to bypass defenses
Earnings potential: up to $600,000 per month

Rookie Fraudsters move into the Master Fraudster category due to the vast information sharing of attack techniques on the dark web,” said Johnson. “Marketplace and messaging platforms have become popularized in the fraud community where cybercriminals can promote their own personal fraud business, recommend attack tools and techniques, and offer free step-by-step guides for the Rookie Fraudster. With this widespread information sharing, human fraudsters are capable of using bot tools to attack at scale and Rookie Fraudsters uplevel their attack skills much faster.”

According to Johnson, the number of active fraudsters has increased 10x since 2019, due in large part because of the “easy money” that could be made from unemployment stimulus programs during the pandemic. “Many Rookie Fraudsters ramped up during the pandemic because of the ROI that could be made.” 

The platform of cybercrime itself is so sophisticated, that a Rookie Fraudster doesn’t need to know anything to come in and be profitable. “They can buy a tutorial for $5 or $10, take a live instruction class that runs anywhere from $300 up to $3,500, which teaches the type of fraud they want to focus on; they can watch YouTube videos to perfect their approach, and they can simply ask questions of other fraudsters in dark-web chat channels,” Johnson said.

The great equalizer between the estimated 15 million fraudsters and the 4.19 million cybersecurity workers is technology. For legitimate companies to protect their consumers’ online accounts and prevent fraud, requires companies to invest in technology that works.  Today, Arkose Labs provides support for some of the world’s most recognized brands and platforms including PayPal, Zilch, Microsoft, Roblox, and Pitney Bowes. Arkose Labs protects industries like fintech, banking, gaming, ecommerce/retail, technology, travel, and social media.

About the Report

The 2022 Q2 State of Fraud & Account Security is based on actual user sessions and attack patterns analyzed by the Arkose Labs Fraud Deterrence Prevention Platform from January through March 2022. These sessions, spanning account registrations, logins, and payments from financial services, ecommerce, travel, social media, gaming, and entertainment, were analyzed in real-time to provide insights into the evolving fraud and risk landscape. The report focuses on attacks from fraud outlets that combine state-of-the-art technology with stolen identity credentials and human efforts. The report also is based on deep, bespoke investigations into dark web communities. 

About Arkose Labs

Arkose Labs’ mission is to create an online environment where all consumers are protected from malicious activity. Recognized by Gartner as a “Cool Vendor in Fraud and Authentication,” the company offers the world’s first $1 million credential stuffing warranty. Its AI-powered platform combines powerful risk assessments with dynamic attack response that undermines the ROI behind attacks while improving good user throughput. Headquartered in San Mateo, CA with offices in Brisbane and Sydney, Australia, Tokyo, Japan, San Jose, Costa Rica, and London, UK, the company debuted as the 83rd fastest-growing company in North America on the 2021 Deloitte Fast500 ranking.


Jean Creech Avent

Global Head of Brand and Communications

Arkose Labs

[email protected]  

+1 843-986-8229 

Share Now