More Than Half of Logins on Social Media Platforms Are Fraud, as Arkose Labs Report Exposes Targeted Industries and Unique Attack Patterns
SAN FRANCISCO–(BUSINESS WIRE)–Social media sites have become lucrative targets for criminals looking for quick monetization. More than half of logins (53%) on social media sites are fraudulent and 25% of all new account applications on social media are fraud,according to the Q3 Fraud and Abuse Report today released by Arkose Labs, the platform that bankrupts the business model of fraud and abuse.
“Meanwhile, the risk landscape is quickly becoming increasingly complex because fraudsters have easy access to sophisticated tools and resources. This means that they can tweak their attack patterns as long they remain profitable.” Tweet this
By 2021, it is estimated that cybercrime will cost the global economy more than $6 trillion in damages, surpassing the annual costs for natural disasters and the global drug trade. While the digital economy has led to a globally connected ecosystem, one unintended consequence of this digital growth has been the rapid increase in fraud and online abuse. It has never been easier to connect with people worldwide on social media, gaming platforms or on digital marketplaces – and it has never been easier to launch large-scale automated, organized attacks on businesses from across the globe.
The Arkose Labs Q3 Fraud and Abuse Report analyzed over 1.2 billion transactions spanning account registrations, logins and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, in real time, to provide insights on the evolving threat landscape. The report found that one in 10 transactions are attacks, ranging from automated bots to malicious humans.
“We are in an era where online identity, intent, business, metrics and content can all be faked. This can have serious security and financial repercussions for any business with an online presence, especially as they try to balance risk management with the delivery of exceptional customer experience,” said Kevin Gosschalk, CEO of Arkose Labs. “Meanwhile, the risk landscape is quickly becoming increasingly complex because fraudsters have easy access to sophisticated tools and resources. This means that they can tweak their attack patterns as long they remain profitable.”
The Philippines is the Top Attack Originator
According to the report, the U.S., Russia, the Philippines, UK and Indonesia have emerged as the top originators of attacks, with the Philippines as the single biggest attack originator for both automated and human driven attacks and the U.S. a distant second.
Of the 1.2 billion transactions analyzed, automated attacks represent the bulk of the traffic, ranging from large-scale account validation attacks, to bots blocking seats on an airline to scripted attacks that scrape user data and inventory. Further analysis found that most attacks from China (59.3%) are human driven, which is more than four times higher than the U.S., Russia, the Philippines, and Indonesia.
“Fraudsters are motivated by financial gain and they will continue to deploy malicious techniques as long as there is money to be made. Sometimes fraudsters have to rely on humans to carry out attacks. These attacks cost more, but the value they can extract from the attack makes the investment worthwhile,” said Vanita Pandey, VP Strategy at Arkose Labs. “Developing economies are quickly becoming fraud hubs because they have easy access to sophisticated tools, cheap manual labor and good economic incentives associated with online fraud.”
Social Media Fraud is Skyrocketing
Social media platforms are becoming increasingly influential in the digital economy, allowing consumers to connect with others, share personal information and opinions, make buying decisions, write reviews and consume information.
From account takeover attacks, to fraudulent account creation attacks, to spam and abuse, social media platforms see a variety of attacks from bots as well as organized malicious humans. However, more than 75% of attacks on social media are automated bot attacks.
Unlike other industries, account takeover attacks are more common for social media, with logins twice as likely to be attacked than account registrations. This is driven by the fraudsters looking to harvest rich personal data from the accounts of legitimate users.
“The extremely high attack rate on social media logins is indicative of the value placed on the data fraudsters extract from compromised social accounts,” said Gosschalk. “Because more than 50% of social media logins are fraud, we know that fraudsters are using large-scale bots to launch attacks on social media platforms with the goal of disseminating spam, stealing information, spreading social propaganda and executing social engineering campaigns targeting trusting consumers.”
Technology Companies Heavily Targeted by Human Driven Fraud
The technology segment is heavily targeted by human click-farms and sweatshops, which employ a large group of low-paid workers hired specifically to make fraudulent transactions or create fake accounts. According to the report, 43% of all attacks on tech companies are human driven and account registrations for tech companies are four times more likely to be attacks than logins.
“Technology companies who offer a ‘freemium’ model with quick, frictionless onboarding for new customers are attractive targets for fraudsters looking to test stolen credentials or create fake accounts to access the services,” said Pandey. “2019 is tracking to be a record year for data breaches and all of the recent tech breaches are providing fraudsters with refreshed access to new information. As we head into the holiday season, it is clear that businesses will experience the impact in terms of new fraud attacks.”
Financial Services Fraud Varies by Season, Time of Day
Arkose Labs has observed that 9% of the total login attempts are fraudulent with a third coming from human driven attacks. These attacks focus on taking over a legitimate user’s account to transfer funds or sign up for fraudulent purchases.
The attack mix varies by the time of the day with fraudsters mimicking the daily user traffic patterns and operating during traditional business hours. At the same time, the financial services segment also witnesses seasonality in the attack patterns, with attack volumes and human driven attacks increasing during high-traffic periods, like the tax season in the U.S.
Payment Transactions in the Travel Industry at High Risk for Fraud…