Automated attacks and their role in an evolving fraud landscape

 At Arkose Labs, we protect leading global brands from fraud and online abuse. We are privileged to serve some of the most admired digital businesses across industries including online gaming, retail, travel, financial institutions, media and technology platforms, and social media. All of these digital businesses operate at large scale serving a global customer base, which also exposes them to ever-evolving fraud and abuse.

Easier than ever to attack

The evolution of digital environment has its own pros and cons – much like the two sides of a coin. While digital has made shopping, entertainment, and peer-to-peer interaction easier, it has also spawned a number of complex, technology-driven attacks. The connected nature of the global economic ecosystem and easy access to sophisticated criminal toolkits have made it easier than ever before for fraudsters to orchestrate large-scale automated and organized attacks.
Today, fraudsters have personally identifiable information of millions of users at their disposal which they have harvested from data breaches, phishing, hacking, and so forth. They can abuse all of this data to fake online identity, intent, metrics, and content, to cause serious security and financial threats for any business with an online presence.

The Connected Fraud Ecosystem

Arkose Labs Q3 Fraud and Abuse Report is an in-depth study that sheds profound light on the connected nature of the fraud ecosystem and illustrates how fraudsters deploy different calculated strategies, based on industry and business models, to maximize each attack’s ROI.

The risk landscape today has not only become complex but is also evolving rapidly. Fraudsters are leveraging technology and sharing expertise which allows them to tweak their attack patterns as long they remain profitable.

To illustrate how fraudsters are evolving with rapid technological developments and leveraging the connected fraud ecosystem to maximize their exploits across industries and use cases, Arkose Labs undertook an in-depth study. We analyzed over a billion (1.2 billion) transactions spanning account registrations, logins and payments across industry segments and found interesting attack patterns and deep insights into the evolving fraudscape.

Deep Dive Insights

Our analysis provides deep-dive insights into the attack patterns and modus operandi for industry segments including social media, online gaming, technology, financial services, travel, and retail. For instance, social media is a favourite target for illegitimate login attempts with half the logins being inauthentic. The travel industry faces a high risk of denial of inventory attacks that lead to a significant increase in ticket prices. Almost 10% of all login attempts on travel sites are fraud and 46% of all payment transactions for travel are fraudulent. Online retail is an interesting case, as it attracts the highest volume of sophisticated human driven attacks at more than 50%.

Of the 1.2 billion transactions analyzed, our report finds that automated attacks represent the bulk of the traffic, ranging from large-scale account validation attacks, to bots blocking seats on an airline to scripted attacks that scrape user data and inventory. Fraudsters can harvest rich personal data from legitimate user accounts on social media platforms, monetize stolen credentials and ‘game’ the system in online gaming, and employ a large group of low-paid workers specifically to make fraudulent transactions or create fake accounts on technology platforms. They can take over legitimate user accounts to transfer funds or sign up for fraudulent purchases in the financial services segment, employ automated bots for denial of inventory attacks in the travel industry, and attempt account takeover or make purchases using stolen credentials on online retail platforms.

Another key revelation of our report is the quick metamorphosis of developing economies as fraud hubs due to the easy availability of sophisticated tools, cheap manual labour, and good economic incentives associated with online fraud.

Long-term approach to preventing fraud

Analyzing over a billion transactions, we gained insights into the psyche and motivation behind these attacks and how digital businesses can stop fraud and online abuse right at the entry gates. We found that fraudsters are using technical expertise to orchestrate a myriad of complex attacks: account takeover, fake new account origination, payment fraud, gift card fraud, API abuse, search and scraping, spam and malicious content, and so forth.

At Arkose Labs, we believe fraudsters will continue to perpetrate attacks as long as these attacks provide them with financial incentives. Therefore, we believe that the only way to fight fraud is a long-term approach rooted in preventing the attacks by eliminating the associated financial returns that protect the revenues and brand reputation of digital businesses while also enabling them to build strong customer relationships.

Gain more insights into the fraud challenges that the digital economy faces as well as the ways to tackle them. Download your copy of the Arkose Labs Q3 Fraud and Abuse Report now.

About Kevin Gosschalk

Kevin Gosschalk is the CEO and Founder of Arkose Labs, where he leads a team focused on telling computers and humans apart on the Internet. Before Arkose Labs, Kevin developed gaming hardware for the intellectually disabled at the Endeavour Foundation and built a unique device incorporating Microsoft’s Kinect Camera technology.

About Arkose Labs

Arkose Labs is an authentication system with two key components: Telemetry and Enforcement. Telemetry refers to our decision platform that recognises the context, behaviour, and past reputation of a request using machine learning, while Enforcement refers to our proprietary challenge–response mechanism that classifies the authenticity of unrecognised requests, and provides real-time feedback to Telemetry.