Solution Brief

Bot Abuse Analysis and other Fraud Benchmarks - Financial Services Industry

Executive Summary

In the world of financial services, a prominent neobank recently grappled with a pressing issue: the escalating threat posed by malicious bots. Recognized as a global pioneer in fintech, this bank found itself in the crosshairs of cybercriminals using bots to target user accounts. Driven by profit, fraudsters posed a major risk to the business, with a staggering 45% of sector traffic attributed to their activities.

Minimizing the need for frequent credential resets on compromised accounts allowed the neobank to not only fortify its defenses against bad bots, but also to demonstrate the advantages of proactive prevention.


The gravity of this issue is now at the forefront, highlighting the use of bots in manipulating financial transactions, contributing to market volatility, and raising alarm bells for investors. This industry brief utilizes data from our comprehensive bot abuse analysis, focusing on the top attack vectors in financial services during Q1, Q2, and Q3 2023. It seeks to provide data-driven insights into attacks on this industry, offering effective detection and prevention strategies.

Insights are drawn from the Arkose Labs Global Intelligence Network, which includes major corporations and category leaders. These entities, prime targets for cyber threats, provide a unique perspective for monitoring and analyzing cyber activities.

Attack type by industry in H1 2023:

Attack type by industry in H1 2023

We analyzed billions of sessions worldwide across industries, between January 2023 and September 2023, and assessed three primary attack vectors fraudsters use to launch various cyberattacks. In sum, these methods generated billions of attacks in the first half of 2023 and into Q3, comprising 73% of website and app traffic measured. That means almost ¾ of web traffic to digital properties is malicious.

Percentage of legitimate traffic vs. bots and malicious traffic

In the financial services sector, criminals dedicate substantial time and resources to activities such as phishing attacks, credential stuffing, and other fraudulent endeavors. But when faced with robust site protection, bad actors can no longer achieve the economic gains they seek and ultimately move on. This principle underlies the core principle of Arkose Labs—making attacks too costly for adversaries to persist.

The Bad Side of Bots

Basic Bots, Intelligent Bots, and Human Fraud Farms

From Q1 2023 to Q2 2023, intelligent bot traffic nearly quadrupled—far outpacing basic bots and heavily contributing to a total increase of approximately 167% for all bot attacks. Specifically for financial services, almost half (45%) of online traffic comes from malicious bots.

Increase in attack type from Q1 to Q2 2023

Through the end of Q3, we analyzed billions of sessions worldwide for financial services, between January and September of 2023, and assessed three primary attack vectors fraudsters use to launch attacks, like web scraping, fake account creation, ATOs, and payment attacks.

Top 4 Attack Types with Biggest Increases from Q1 to Q2

While the prevalence of automated threats is a significant concern, there has also been a marked 26% uptick in human-based attacks during Q3. When malicious bots fail to make it past security defenses, threat actors often turn to human fraud farms to complete their mission.

Notably, when the effort-to-attack ratio becomes prohibitively high, causing threat actors to spend excessive time and resources on endeavors like SMS toll fraud, they tend to shift their criminal focus away from financial services companies that are well protected.

Beating these adversaries demands technology that dynamically targets human solvers and applies adaptive, time-consuming challenges. With this capability in place, financial services organizations can defeat the economics behind attacks that exploit human labor at scale.

Intelligent Bot Attacks Top 5 countries of apparent origination

Fraud Farm Attacks Top 5 countries of apparent origination

Two Cyber Threats Driving Bot Attacks in Financial Services

Two technology trends, influenced by powerful economic forces, are driving the surge in bot and human fraud farm attacks:

1. Generative AI (GenAI):

GenAI technology presents a multifaceted threat to financial services by facilitating attacks through various means. It empowers malicious actors to craft convincing phishing emails, tailor investment opportunities, or devise enticing loyalty programs, all aimed at deceiving consumers through personalized communication. These emails often include links leading to counterfeit login pages or malicious attachments, with the goal of compromising user accounts or financial systems.

Scenario at a Glance

Meticulously personalized using publicly available information, these deceptive emails convincingly mimic the communication style and branding of legitimate businesses. In fact, 46% of attacks on financial organizations involve some form of phishing.1 As unsuspecting consumers engage with these emails, they may inadvertently divulge sensitive information such as login credentials and personal details.

Example of phishing email from attackers posing as the IRS

2. Cybercrime-as-a-Service (CaaS):

Bad actors are advancing their skills by embracing the CaaS model, deploying bots and unleashing attacks that cause trillions of dollars in damages. It involves the utilization of ready-made, purpose-built software kits for purchase by fraudsters, so they can orchestrate attacks on financial institutions. This shift lowers the barrier to entry and grants access to cybercrime for a broader range of actors.

Individuals possessing technical expertise are constructing these bots and distributing them to threat actors lacking such technical proficiency. Skilled attackers can now sustain themselves by building and selling bots to other fraudsters, even providing training on how to operate them, eliminating the need for direct involvement in criminal activities. CaaS is altering the entry requirements for newcomers to fraud as well as experienced technical attackers.

The CaaS model directly impacts financial services by establishing an online bazaar where cybercriminals can easily procure ready-made bots, tools, and expertise, like “customer service” and “training” modules. These digital marketplaces enhance the efficiency and reach of cyber threats, posing an immediate risk to the security of online transactions, consumer data, and overall operations.

The affordability and popularity of these marketplaces are pressing security teams to bolster their efforts against these rising threats. The widespread impact, economic incentives for cybercriminals, increased sophistication of attacks, and the potential monetization of stolen data contribute to the need for enhanced vigilance. As these marketplaces attract a broader range of threat actors and pose challenges in terms of reputation management and regulatory compliance, security teams must stay ahead of evolving attacks.

CaaS Quote from CEO of Arkose Labs

Industry Benchmarks

In the first half of 2023, nearly every industry experienced an increase in the number of attacks. Here are the top 5 sectors under attack, by volume:

Five industries under attack by volume

The Growing Scourge of Attacks

The Growing Scourge of Attacks

Attack Type Breakdown by Industry in H1 2023

Attack Type Breakdown by Industry in H1 2023

Arkose Labs Can Help

Arkose Labs safeguards businesses by disrupting the financial incentives driving bot attacks. Our long-term bot mitigation and account security solutions focus on protecting critical user touch-points: account login and registration. By identifying hidden attack signals and undermining attackers' return on investment, we enhance security without compromising user experience.

Benefits of working with Arkose Labs

Our unique platform, Arkose Bot Manager, analyzes user session data to assess context, behavior, and reputation, classifying traffic based on risk profiles. Suspicious traffic faces enforcement challenges, distinguishing b etween legitimate users and fraudsters to block automated activities and ensure a secure consumer experience.

Arkose Labs for Financial Services

Book a Meeting

Meet with a fraud and account security expert

Request a customized demo to learn more.