From automated bots to malicious humans, one in 10 transactions are attacks

By 2021, it is estimated that cybercrime will cost the global economy more than USD 6 trillion in damages, surpassing the annual costs for natural disasters and the global drug trade. While the digital economy has led to a globally connected ecosystem, one unintended consequence of this digital growth has been the rapid increase in fraud and online abuse.

The Arkose Labs Q3 Fraud and Abuse Report analyzed over 1.2 billion transactions spanning account registrations, logins and payments from financial services, ecommerce, travel, social media, gaming and entertainment industries, in real time, to provide insights on the evolving threat landscape.

According to the report, the US, Russia, the Philippines, UK and Indonesia have emerged as the top originators of attacks, with the Philippines as the single biggest attack originator for both automated and human driven attacks and the US a distant second.
Of the 1.2 billion transactions analyzed, automated attacks represent the bulk of the traffic, ranging from large-scale account validation attacks, to bots blocking seats on an airline to scripted attacks that scrape user data and inventory. Further analysis found that most attacks from China (59.3%) are human driven, which is more than four times higher than the US, Russia, the Philippines, and Indonesia.\

Social media platforms are becoming increasingly influential in the digital economy, allowing consumers to connect with others, share personal information and opinions, make buying decisions, write reviews and consume information. From account takeover attacks, to fraudulent account creation attacks, to spam and abuse, social media platforms see a variety of attacks from bots as well as organized malicious humans. However, more than 75% of attacks on social media are automated bot attacks. Unlike other industries, account takeover attacks are more common for social media, with logins twice more likely to be attacked than account registrations.

The rise of online travel has created a wealth of convenience and opportunity, but the travel industry is also seeing an increase in fraud. Payment transactions in the travel industry are 10 times more likely to be attacked, especially from automated bots looking to block inventory, leading to denial of inventory attacks or a signi?cant increase in ticket price. Arkose Labs also found that almost 10% of all login attempts on travel sites are fraud and 46% of all payment transactions for travel are fraud. Travel companies are under attack from fraudsters trying to make fraudulent purchases, conduct denial of inventory attacks or steal hard-earned customer loyalty points, which are essentially liquid cash.

The retail industry experiences the highest volume of human driven attacks, with more than half of attacks being human driven. Unlike bot traffic, inauthentic human traffic is harder to detect as human behavior is unpredictable and highly nuanced.