In the first quarter of 2020, the Arkose Labs network recorded the highest attack rate ever seen. 26.5% of all transactions were fraud and abuse attempts, which is a 20% increase over the previous quarter.
With COVID-19 restricting face-to-face interactions across the globe, consumer behavior is in flux and digital transactions are on the rise. Organized fraud operations have been quick to mobilize, targeting spikes in digital activity.
Changing attack patterns during COVID-19
The report revealed that the United States emerged as the top originator of cyberattacks, with attack levels increasing 20% since the previous quarter. There was a sharp increase in attacks originating from other well-established economies, such as the United Kingdom, Germany and Canada.
The speed at which the cybercrime ecosystem adapts to changing socio-economic circumstances is highlighted by changing attack methods. Earlier in the quarter, there was a sharp decline in human-driven attacks originating from low-cost ‘sweatshop’ resources. This is attributed to early lockdowns in traditional fraud hubs within Asia.
Major spikes in fraudulent activity at the end of the quarter, once lockdowns were in full force, were largely driven by automation. Automated attacks are easier to scale up quickly, allowing fraudsters to quickly take advantage of the changing digital landscape.
However, localized pockets of sweatshop-driven activity show that economic hardships will lead to new fraud hubs emerging. For example, there was a sharp spike in human-driven fraud originating from Italy and Peru directly after lockdowns were announced.
Just as the corporate world adjusts to working from home, so does the world of fraud – tapping into an increasingly distributed network of resources to carry out attacks.
“COVID-19 is shaping up to be the next big impetus for digital transformation across industries, as widespread lockdowns and social distancing mandates increase global reliance on the digital economy,” said Vanita Pandey, VP of Strategy at Arkose Labs.
“As face-to-face interactions dwindle, digital attack vectors are multiplying at a record rate, creating almost perfect working conditions for fraudsters, who are grasping every available opportunity to exploit both individuals and enterprises during the crisis.”
2020 attack rate: Impact across industries
With changes in consumer behavior due to COVID-19 varying drastically across the industries, fraudsters are shifting their focus accordingly. Top targets for online fraud in the coronavirus era include:
- Retail and travel: The attack rate has doubled from 13% of transactions to 26%, driven by attacks on ecommerce companies as travel tailed off due to restrictions.
- Gaming: With a 30% rise in gaming traffic, the industry was hard hit with a 23% increase in attack rates.
- Information technology: As both personal and professional collaboration and communication shifts online, attacks on tech platforms have risen 16%. Fraudsters looking to blend in with this traffic ramped up their attacks by 25% on new account registrations.
COVID-19 fraud predictions
Based on trends from the first quarter of the year, there are several predictions on the ongoing effects of COVID-19 on fraud an transaction patterns:
- A continued, dramatic rise in attacks as fraudsters take advantage of economic uncertainty and new individuals are pushed into cybercrime due to high unemployment.
- Automation to drive the bulk of the increase in fraud, as low-skill fraudsters who are new to the game take advantage of online tutorials and user-friendly, inexpensive fraud toolkits.
- Wider pool of sweatshop labor available with a move away from traditional fraud hubs to a distributed model of ‘guns for hire’ across the globe.
- New attack vectors to emerge as opportunistic fraudsters widen their reach amidst the pandemic.
- Exploitation of vulnerable individuals with a spike in social engineering and phishing scams targeting new users within the digital economy.