Surge in credential stuffing attacks and Europe as a fraud epicentre, reveals data from Arkose Labs

Friday 13 November 2020 14:11 CET | News

Arkose Labs has released new data-driven analysis of 2020 fraud trends that shows a rise in consumer digital traffic has corresponded with a rise in fraud attacks.

According to the press release, as the year progresses and more people than ever are online, historically ‘normal’ online behavioural patterns are no longer applicable and holiday levels of digital traffic continue to occur on a near daily basis. Fraudsters are exploiting old fraud modeling frameworks that fail to take today’s realities into account, attempting to blend in with trusted traffic and carry out attacks undetected.

Therefore, in Q3 of 2020, the Arkose Labs network saw its highest ever levels of bot attacks. 1.3 billion attacks were detected in total, with 64% occurring on logins and 85% emanating from desktop computers. Due to the widespread availability of usernames, email addresses, and passwords from years of data breaches, as well as easy access to automated tools to carry out attacks at scale, credential stuffing emerged as a main driver of attack traffic. 

Furthermore, the rise in digital traffic for most of 2020 means businesses have been dealing with holiday season levels of traffic since March 2020. With every day now resembling Black Friday, some retailers are better equipped to handle the onslaught of holiday season traffic and fraud. However, it remains to be seen if a holiday sales bump will occur this year, given already record high traffic levels for many ecommerce businesses.

While much of 2019 saw a marked shift from automated attacks to human sweatshop-driven attacks, automated attacks dominated much of 2020, with Q3 seeing a particularly high spike. This trend is likely to revert back to more targeted attacks in Q4, as during the holiday shopping season fraudsters typically employ low-cost attackers to commit attacks that require human nuance and intelligence.

Moreover, nearly half of all attacks in Q3 of 2020 originated from Europe, with over 10 million sweatshop attacks coming from Russia and 7 million coming from the UK. Many European countries, such as the UK, France, Italy, and Germany, are among those whose GDP shrunk the most since the global pandemic began. A surge in attacks from nations suffering the biggest dips in economic output highlights the economic drivers that spur fraud.

The Q4 Arkose Labs Fraud and Abuse Report is based on actual user sessions and attack patterns that were analysed by the Arkose Labs Fraud and Abuse Prevention Platform from July to September 2020. These sessions, spanning account registrations, logins, and payments from financial services, ecommerce, travel, social media, gaming, and entertainment were analysed in real-time to provide insights into the evolving fraud and risk landscape. 

More: Link

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Keywords: Arkose Labs, research, fraud trends, fraud attacks, digital traffic, retailers, Black Friday, ecommerce, payments
Categories: Fraud & Financial Crime
Countries: World
This article is part of category

Fraud & Financial Crime