- SolutionsUSE CASES
Protect users’ accounts
Slash fraud losses
Prevent spam and bots
International Revenue Share Fraud
Stop fake account registrations
Stop malicious scraping
Secure API traffic
Banking & fintech accounts
reCAPTCHA Alternative: Why 10 companies switched from reCAPTCHA to Arkose Labs to win against bots.
Bad Bots and Beyond: 2023 State of the Threat
With Arkose Labs’ 2023 State of the Threat Report, you will find extensive information and best practices around
USE CASESProtect users’ accounts
Slash fraud losses
Stop fake account registrations
International Revenue Share Fraud
Stop malicious scraping
Banking & fintech accounts
Secure API traffic
INDUSTRIESProtect users’ accounts
Banking & fintech accounts
Stop malicious scraping
Stop fake account registrations
International Revenue Share Fraud
Secure API traffic
Prevent spam and bots
Banking & fintech accounts
Slash fraud losses
- ProductsPRODUCTS
Stop bot attacks by driving up adversarial effort and cost
Assess email risk at bot scale
Detect and block reverse-proxy phishing attacks
Unique, customizable & performance improvement challenges
Transparent fraud detection
Email risk detection with bot mitigation
Real-time attack deterrence
Challenges that Revolutionized CAPTCHAs
WHY ARKOSE LABSSabotage attacker’s ROI
Industry-first SLA guarantee
Industry-first SLA guarantee
Industry-first SLA guarantee
SERVICES & SUPPORTProfessional services expertise
Fast, reliable support
Flexible open platform
- Industries
Proactively fight fraud
Accelerate secure commerce
Protect gaming platforms
Protect web-based services
Protect content & accounts
Stop large scale attacks
Broker P2P trust
Adobe: Adobe Reduces Fake Account Risk and Improves User Experience with Arkose Labs
- ResourcesINSIGHTS
Read our thought leadership blogs
Customer success stories
Videos from the Arkose Labs team
EVENTSEDUCATIONExpert Guide to Account & Identity Fraud
THOUGHT LEADERSHIPData-driven research reports
Fraud prevention guides
Fraud thought leadership
Learn how Arkose Labs prevents fraud
View all Arkose Labs content
Reference Guide: Discover SMS Toll Fraud and tailor insights to your industry
INSIGHTSEVENTSEDUCATIONTHOUGHT LEADERSHIP - Company
Pioneers in Fraud Prevention
Trusted by global brands
The latest news featuring Arkose Labs
Meet with us at industry events
Learn more about our founding, approach, and industry accolades.
- Customers
Q1 2024
The travel and hospitality sector is facing a variety of cyber challenges, especially during peak seasons. To improve the experience for authentic travelers, online businesses may ease security protocols, believing that the substantial volume of real transactions will surpass any fraudulent ones. Malicious entities can manipulate this leniency by creating deceptive bookings or exploiting stolen payment information, resulting in financial setbacks for service providers and their consumers. Fraud should no longer be considered an acceptable cost of doing business.
This industry brief utilizes data from our comprehensive bot abuse analysis, focusing on the top attack vectors in travel and hospitality during Q1, Q2, and Q3 2023. It seeks to provide data-driven insights into attacks on the travel and hospitality sector, offering effective detection and prevention strategies. Insights are drawn from the Arkose Labs Global Intelligence Network, which includes major corporations and category leaders. These entities, prime targets for cyber threats, provide a unique perspective for monitoring and analyzing cyber activities.
Attack type by industry in H1 2023:
We analyzed billions of sessions worldwide across industries, between January 2023 and September 2023, and assessed three primary attack vectors fraudsters use to launch various cyberattacks. In sum, these methods generated billions of attacks in the first half of 2023 and into Q3, comprising 73% of website and app traffic measured. That means almost ¾ of web traffic to digital properties is malicious.
In the travel sector, criminals dedicate substantial time and resources to activities such as credential stuffing, phishing attacks, and other fraudulent endeavors. But when faced with robust site protection, bad actors can no longer achieve the economic gains they seek and ultimately move on. This principle underlies the core philosophy of Arkose Labs—making attacks too costly for adversaries to persist.
The Bad Side of Bots
Malicious bots play a key role in the strategy of attackers, executing precise and impactful attacks tailored for the travel and hospitality sector. Notably, a staggering 76% of web traffic in the travel and hospitality sector is attributed to bad bots.
The percentage of traffic by industry that comes from bad bots:
Between Q1 2023 and Q2 2023, intelligent bot traffic experienced a nearly fourfold increase. This growth surpassed basic bots and played a pivotal role in the overall surge of approximately 167% in bot attacks during the same period.
While the prevalence of automated threats is a significant concern, there has also been a marked 26% uptick in human-based attacks during Q3. When malicious bots fail to make it past security defenses, threat actors turn to human fraud farms to complete their mission.
Beating these adversaries demands technology that dynamically targets human solvers and applies adaptive, time-consuming challenges. With this capability in place, travel and hospitality businesses can defeat the economics behind attacks that exploit human labor at scale.
Concerning Trends and Crimes in Travel Sector
From inventory hoarding to credential stuffing to web scraping, the travel sector is facing some concerning trends. Some companies engage in inventory hoarding by placing holds on competitors’ seats or reservations. They then release them slowly as demand increases, manipulating pricing and potentially undercutting the competition with cheaper rates from the onset.
Credential stuffing poses another significant threat to the travel and hospitality sector, particularly in the abuse of loyalty programs. Cybercriminals like targeting loyalty point accounts because they are typically not watched closely. Even though these accounts can have a lot of value, they are often protected with simple passwords that go unchanged. Once in control of the points, criminals can convert them into untraceable items like gift cards or sell them for money on the dark web, posing minimal risk for fraudsters.
Stolen personal information can be exploited for identity theft and other serious crimes, including money laundering. Cybercriminals exploit accounts through credential stuffing and convert loyalty points and rewards into cash or cryptocurrency. This conversion often occurs through the illicit sale of fraudulently obtained rewards on the dark web or through other underground channels, providing a means to launder money discreetly. Funds gained through loyalty abuse may be channeled to finance other serious crimes, from drug trafficking to terrorism.
In Q3 alone, a staggering 72% of all cyberattacks witnessed were attributed to malicious web scraping. This rise is closely tied to the increasing demand for data to fine-tune AI models and, in some instances, to undercut competing businesses. The proliferation of AI-powered services utilizing bots for large-scale scraping has become a prominent driver behind this surge.
Two Cyber Threats Driving Bot Attacks in Travel
Two technology trends, influenced by powerful economic forces, are driving the surge in bot and human fraud farm attacks:
1. Generative AI (GenAI):
GenAI technology poses a multifaceted threat to the travel and hospitality sector, enabling attacks through various means. GenAI helps bad actors craft convincing phishing emails, targeting customers with deceptive communications from travel businesses. These emails, meticulously personalized using publicly available information, convincingly mimic the communication style and branding of the legitimate business. As unsuspecting consumers interact with these emails, they may inadvertently disclose sensitive information, including login credentials and personal details.
GenAI-generated phishing emails may offer exclusive travel deals, personalized vacation packages, or enticing loyalty program rewards. The deceptive nature of these communications makes it challenging for recipients to discern the fraudulent intent. Within these emails, there may be links leading to counterfeit login pages or malicious attachments aimed at compromising user systems.
2. Cybercrime-as-a-Service (CaaS):
Bad actors are advancing their skills by embracing the CaaS model, deploying bots and unleashing attacks that cause trillions of dollars in damages. This shift lowers the barrier to entry and grants access to cybercrime for a broader range of actors, making it easier to launch attacks with limited technical skills.
The CaaS model directly impacts travel and hospitality by establishing an online bazaar where cybercriminals can easily procure ready-made bots, tools and expertise, like “customer service” and “training” modules. These marketplaces enhance the efficiency and reach of cyber threats, posing an immediate risk to the security of online transactions, consumer data, and overall operations.
The affordability and popularity of these marketplaces are pressing security teams to bolster their efforts against these rising threats. The widespread impact, economic incentives for cybercriminals, increased sophistication of attacks, and the potential monetization of stolen data contribute to the need for enhanced vigilance. As these marketplaces attract a broader range of threat actors and pose challenges in terms of reputation management and regulatory compliance, security teams must stay ahead of evolving attacks.
Industry Benchmarks
In the first half of 2023, nearly every industry experienced an increase in the number of attacks. Here are the top 5 sectors under attack, by volume:
The Growing Scourge of Attacks
Arkose Labs Can Help
Arkose Labs safeguards businesses by disrupting the financial incentives driving bot attacks. Our long-term bot mitigation and account security solutions focus on protecting critical user touch-points: account login and registration. By identifying hidden attack signals and undermining attackers' return on investment, we enhance security without compromising user experience.
Our unique platform, Arkose Bot Manager, analyzes user session data to assess context, behavior, and reputation, classifying traffic based on risk profiles. Suspicious traffic faces enforcement challenges, distinguishing between legitimate users and fraudsters to block automated activities and ensure a secure consumer experience.
The difference between Arkose Labs and our past solution is night and day for us. Previous defenses created a bad user experience, while Arkose Labs solves the problem and makes it fun for our users.
Antoni Choudhuri
Roblox
Book a Meeting
Meet with a fraud and account security expert