Fraudsters turn to the human factor to boost their attacks
For all of today's sophisticated technology, sometimes there's no substitute for the human touch when it comes to getting the job done and it seems this applies to fraud as much as legitimate business.
Online fraud prevention specialist Arkose Labs has released its latest Fraud and Abuse Report, which shows that human-driven attacks are up 90 percent in the last quarter of 2019 compared to the previous six months.
The report analyzed more than 1.3 billion transactions spanning account registrations, logins and payments across the financial services, eCommerce, travel, social media, gaming and entertainment sectors. It looks at the mechanics of attacks originating from automated bots, humans and 'sweatshops', which represent large groups of low-paid workers who carry out attacks or make fraudulent transactions on behalf of fraudsters.
While automated attacks grew by 25 percent and are getting more sophisticated, the rise in human-driven attacks is attributed to fraudsters leveraging sweatshop-like workers to enhance effectiveness. These attack levels increased during high online traffic periods as fraudsters attempted to blend in with legitimate traffic, with peak attack levels 50 percent higher than seen in Q2 of 2019.
Human-driven attacks from Venezuela, Vietnam, Thailand, India and Ukraine all grew, while attacks launched from the Philippines, Russia and Ukraine almost tripled compared to Q2 2019.
"Notable shifts are occurring in today’s threat landscape, with fraudsters no longer looking to make a quick buck and instead opting to play the long game, implementing multi-step attacks that don't initially reveal their fraudulent intent," says Kevin Gosschalk, CEO of Arkose Labs. "Fraudsters are increasingly augmenting their attacks by outsourcing activity to human sweatshop resources, causing a surge in fraud within certain industries such as online gaming and social media."
Social media is a particular target for attack with two in five login attempts and one in five new account registrations being fraudulent. The human versus automated attack mix also rose, with more than 50 percent of social media login attacks being human-driven. Online gaming attack rates grew 25 percent in the last quarter, with most of the growth coming from human-driven attacks on new account registrations and logins.
"Ultimately, the only sustainable approach to combating cybercrime is adopting a zero tolerance approach that undermines the economic incentives behind fraud. Tolerating fraud as 'the cost of doing business' exacerbates the problem long-term," adds Gosschalk. "To identify the subtle, tell-tale signs that predict downstream fraud, organizations must prioritize in-depth profiling of activity across all customer touchpoints. By combining digital intelligence with targeted friction, large-scale attacks will quickly become unsustainable for fraudsters."
The full report can be downloaded from the Arkose site.