The rise of human-driven fraud attacks

There has been a major spike in human-driven attacks – which rose 90% compared to six months previously, according to Arkose Labs.

Changing attack patterns were felt across geographies and industries, at a time of the year when digital commerce was at its peak.

In Q4 of 2019, advanced, multi-step attacks attempting to evade fraud defenses using a blend of automated and human-driven attacks have been detected. Automated fraud attacks, which grew by 25%, are becoming increasingly complex as fraudsters become more effective at mimicking trusted customer behavior.

While automated attacks are still prevalent across most industries, the notable rise in human-driven attacks is attributed to fraudsters leveraging what Arkose Labs define as “sweatshop-like workers” to enhance attacks.

Sweatshop-driven attack levels increased during high online traffic periods as fraudsters attempted to blend in with legitimate traffic, with peak attack levels 50% higher than seen in Q2 of 2019.

The key countries where human-driven attacks originated from shifted in Q4, showing fraudsters tapping into human farms across the globe to keep costs low and profits high. Sweatshop-driven attacks from Venezuela, Vietnam, Thailand, India and Ukraine grew, while attacks from the Philippines, Russia and Ukraine almost tripled compared to Q2 2019.

“Notable shifts are occurring in today’s threat landscape, with fraudsters no longer looking to make a quick buck and instead opting to play the long game, implementing multi-step attacks that don’t initially reveal their fraudulent intent,” said Kevin Gosschalk, CEO of Arkose Labs.

“Fraudsters are increasingly augmenting their attacks by outsourcing activity to human sweatshop resources, causing a surge in fraud within certain industries such as online gaming and social media.”

Attacks on social media platforms are increasingly human-driven

Due to the volume of rich personal data on social media platforms and high user activity levels, social applications are lucrative targets for fraudsters looking to scrape content, write fake reviews, steal information or disseminate spam and malicious content.

In Q4 of 2019, there was a sharp increase in attack volumes for both social media account registrations and logins. In fact, every two in five login attempts and every one in five new account registrations were fraudulent, making this one of the highest industry attack rates.

The human versus automated attack mix also rose, with more than 50% of social media login attacks being human-driven.

“The elevated rate of human-driven login attacks is supported by organized sweatshops, with fraudsters attempting to hack into legitimate users’ accounts to manipulate or steal credentials and disseminate spam,” explained Vanita Pandey, VP of Marketing and Strategy at Arkose Labs.

“With two in every five social media logins being an attack and more than half of those attacks being human-driven, it’s clear that fraudsters are targeting this customer touchpoint with hopes of downstream monetization.”

Online gaming has emerged as a lucrative channel for fraudsters

As millions increasingly engage in online gaming, the industry has emerged as a prime target for fraudsters across the globe.

Gaming fraud in Q4 of 2019 demonstrated highly sophisticated attack patterns in comparison to other industries, with fraudsters leveraging gaming applications to use stolen payment methods, steal in-game assets, abuse the auction houses and disseminate malicious content.

Fraudsters are using bots to build online gaming account profiles and sell accounts with higher levels and assets, while also targeting online currencies used within select games. Overall, the report found that online gaming attack rates grew 25% last quarter, with most of the growth coming from human-driven attacks on new account registrations and logins.

Combating cybercrime requires a zero tolerance approach

Rising human-driven attack rates demonstrate that fraudsters are willing to be creative and invest more in their attacks, often laying the groundwork months in advance using lower cost, automated attacks.

As long as there is money to be made in fraud and businesses continue to tolerate attacks, fraudsters will continue to identify the most effective attack methods to achieve optimal ROI.

“Ultimately, the only sustainable approach to combating cybercrime is adopting a zero tolerance approach that undermines the economic incentives behind fraud. Tolerating fraud as ‘the cost of doing business’ exacerbates the problem long-term,” said Gosschalk.

“To identify the subtle, tell-tale signs that predict downstream fraud, organizations must prioritize in-depth profiling of activity across all customer touchpoints. By combining digital intelligence with targeted friction, large-scale attacks will quickly become unsustainable for fraudsters.”