26.5% of all online transactions were fraud and abuse attempts in the first quarter of 2020, which is a 20% increase over the previous quarter
26.5% of all online transactions were fraud and abuse attempts in the first quarter of 2020, which is a 20% increase over the previous quarter, according to Arkose Labs’ Q2 2020 Fraud and Abuse Report.
With COVID-19 restricting face-to-face interactions across the globe, consumer behavior is in flux and digital transactions are on the rise. Organized fraud operations have been quick to mobilize, targeting spikes in digital activity.
Changing Attack Patterns during COVID-19
The report revealed that the United States emerged as the top originator of cyberattacks, with attack levels increasing 20% since the previous quarter. There was a sharp increase in attacks originating from other well-established economies, such as the United Kingdom, Germany, and Canada.
The speed at which the cybercrime ecosystem adapts to changing socio-economic circumstances is highlighted by changing attack methods. Earlier in the quarter, Arkose Labs detected a sharp decline in human-driven attacks originating from low-cost ‘sweatshop’ resources. This is attributed to early lockdowns in traditional fraud hubs within Asia.
Major spikes in fraudulent activity at the end of the quarter, once lockdowns were in full force, were largely driven by automation. Automated attacks are easier to scale up quickly, allowing fraudsters to quickly take advantage of the changing digital landscape.
However, localized pockets of sweatshop-driven activity show that economic hardships will lead to new fraud hubs emerging. For example, there was a sharp spike in human-driven fraud originating from Italy and Peru directly after lockdowns were announced. Just as the corporate world adjusts to working from home, so does the world of fraud – tapping into an increasingly distributed network of resources to carry out attacks.
“COVID-19 is shaping up to be the next big impetus for digital transformation across industries, as widespread lockdowns and social distancing mandates increase global reliance on the digital economy,” said Vanita Pandey, VP of Strategy at Arkose Labs. “As face-to-face interactions dwindle, digital attack vectors are multiplying at a record rate, creating almost perfect working conditions for fraudsters, who are grasping every available opportunity to exploit both individuals and enterprises during the crisis.”
Impact Across Industries
With changes in consumer behavior due to COVID-19 varying drastically across the industries, fraudsters are shifting their focus accordingly. Top targets for online fraud in the COVID-19 era include:
- Retail and Travel: The attack rate has doubled from 13% of transactions to 26%, driven by attacks on ecommerce companies as travel tailed off due to restrictions.
- Gaming: With a 30% rise in gaming traffic, the industry was hard hit with a 23% increase in attack rates.
- Information Technology: As both personal and professional collaboration and communication shifts online, attacks on tech platforms have risen 16%. Fraudsters looking to blend in with this traffic ramped up their attacks by 25% on new account registrations.
COVID-19 Fraud Predictions
Based on trends from the first quarter of the year, Arkose Labs outlines several predictions on the ongoing effects of COVID-19 on fraud and transaction patterns:
- A continued, dramatic rise in attacks as fraudsters take advantage of economic uncertainty and new individuals are pushed into cybercrime due to high unemployment.
- Automation to drive the bulk of the increase in fraud, as low-skill fraudsters who are new to the game take advantage of online tutorials and user-friendly, inexpensive fraud toolkits.
- Wider pool of sweatshop labor available with a move away from traditional fraud hubs to a distributed model of ‘guns for hire’ across the globe.
- New attack vectors to emerge as opportunistic fraudsters widen their reach amidst the pandemic
- Exploitation of vulnerable individuals with a spike in social engineering and phishing scams targeting new users within the digital economy.
“We have a mission at Arkose Labs to rid the world of the scourge of fraud, spam, and abuse in all its forms, and never has our mission been more vital than in today’s turbulent world,” said Pandey. “With businesses and consumers facing serious hardships at this time it is imperative that the business and fraud prevention community step up to protect consumers from the added strain of identity abuse, fraud and scams.”
Based on actual user sessions and attack patterns from January through March, 2020 Arkose Labs Fraud and Abuse Report analyzed number transactions spanning account registrations, logins and payments across the financial services, ecommerce, travel, social media, gaming and entertainment sectors. The findings investigate the mechanics of attacks originating from automated bots, humans and ‘sweatshops,’ which represent large groups of low-paid workers who carry out launch attacks or make fraudulent transactions on behalf of fraudsters.