More than half of logins (53%) on social media sites are fraudulent and 25% of all new account applications on social media are fraud, according to the Q3 Fraud and Abuse Report by Arkose Labs.
The report analyzed more than 1.2 billion transactions spanning account registrations, logins and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, in real time, to provide insights on the evolving threat landscape. The report found that one in 10 transactions are attacks, ranging from automated bots to malicious humans.
The Philippines is the Top Attack Originator
According to the report, the U.S., Russia, the Philippines, UK and Indonesia have emerged as the top originators of attacks, with the Philippines as the single biggest attack originator for both automated and human driven attacks and the U.S. a distant second.
Of the 1.2 billion transactions analyzed, automated attacks represent the bulk of the traffic, ranging from large-scale account validation attacks, to bots blocking seats on an airline to scripted attacks that scrape user data and inventory. Further analysis found that most attacks from China (59.3%) are human driven, which is more than four times higher than the U.S., Russia, the Philippines, and Indonesia.
“Fraudsters are motivated by financial gain and they will continue to deploy malicious techniques as long as there is money to be made. Sometimes fraudsters have to rely on humans to carry out attacks. These attacks cost more, but the value they can extract from the attack makes the investment worthwhile,” said Vanita Pandey, VP Strategy at Arkose Labs. “Developing economies are quickly becoming fraud hubs because they have easy access to sophisticated tools, cheap manual labor and good economic incentives associated with online fraud.”
Social Media Fraud is Skyrocketing
Social media platforms are becoming increasingly influential in the digital economy, allowing consumers to connect with others, share personal information and opinions, make buying decisions, write reviews and consume information.
From account takeover attacks, to fraudulent account creation attacks, to spam and abuse, social media platforms see a variety of attacks from bots as well as organized malicious humans. However, more than 75% of attacks on social media are automated bot attacks.
Unlike other industries, account takeover attacks are more common for social media, with logins twice as likely to be attacked than account registrations. This is driven by the fraudsters looking to harvest rich personal data from the accounts of legitimate users.
Technology Companies Heavily Targeted by Human Driven Fraud
The technology segment is heavily targeted by human click-farms and sweatshops, which employ a large group of low-paid workers hired speciﬁcally to make fraudulent transactions or create fake accounts. According to the report, 43% of all attacks on tech companies are human driven and account registrations for tech companies are four times more likely to be attacks than logins.
Financial Services Fraud Varies by Season, Time of Day
Arkose Labs has observed that 9% of the total login attempts are fraudulent with a third coming from human driven attacks. These attacks focus on taking over a legitimate user’s account to transfer funds or sign up for fraudulent purchases.
The attack mix varies by the time of the day with fraudsters mimicking the daily user traffic patterns and operating during traditional business hours. At the same time, the ﬁnancial services segment also witnesses seasonality in the attack patterns, with attack volumes and human driven attacks increasing during high-traffic periods, like the tax season in the U.S.
Payment Transactions in the Travel Industry at High Risk for Fraud
The rise of online travel has created a wealth of convenience and opportunity, but the travel industry is also seeing an increase in fraud.
Payment transactions in the travel industry are 10 times more likely to be attacked, especially from automated bots looking to block inventory, leading to denial of inventory attacks or a signiﬁcant increase in ticket price. Arkose Labs also found that almost 10% of all login attempts on travel sites are fraud and 46% of all payment transactions for travel are fraud. Travel companies are under attack from fraudsters trying to make fraudulent purchases, conduct denial of inventory attacks or steal hard-earned customer loyalty points, which are essentially liquid cash.
Retail Industry Attracts Sophisticated Human Attacks
The retail industry experiences the highest volume of human driven attacks, with more than half of attacks being human driven. Unlike bot traffic, inauthentic human traffic is harder to detect as human behavior is unpredictable and highly nuanced.