Over half of social media logins are fraudulent
Social media sites are a popular target for cybercriminals. It shouldn't come as too much of a surprise therefore to find that 53 percent of logins on social media sites are fraudulent and 25 percent of all new account applications are too.
These are among the findings of a study by anti-fraud platform Arkose Labs which analyzed over 1.2 billion transactions spanning account registrations, logins and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, in real time.
"We are in an era where online identity, intent, business, metrics and content can all be faked. This can have serious security and ﬁnancial repercussions for any business with an online presence, especially as they try to balance risk management with the delivery of exceptional customer experience," says Kevin Gosschalk, CEO of Arkose Labs. "Meanwhile, the risk landscape is quickly becoming increasingly complex because fraudsters have easy access to sophisticated tools and resources. This means that they can tweak their attack patterns as long they remain profitable."
The study shows automated attacks represent the bulk of the traffic, ranging from large-scale account validation attacks, to bots blocking seats on an airline to scripted attacks that scrape user data and inventory. Further analysis found that most attacks from China (59.3 percent) are human driven, which is more than four times higher than the US, Russia, the Philippines, and Indonesia.
Where social media is concerned more than 75 percent of attacks are from automated bots. Unlike other industries, account takeover attacks are more common for social media, with logins twice as likely to be attacked than account registrations. This is driven by the fraudsters looking to harvest rich personal data from the accounts of legitimate users.
"The extremely high attack rate on social media logins is indicative of the value placed on the data fraudsters extract from compromised social accounts," adds Gosschalk. "Because more than 50 percent of social media logins are fraud, we know that fraudsters are using large-scale bots to launch attacks on social media platforms with the goal of disseminating spam, stealing information, spreading social propaganda and executing social engineering campaigns targeting trusting consumers."
The full report which also looks at attack trends in the technology, retail and financial sectors is available from the Arkose site.