Arkose Labs released new data on the latest fraud trends, revealing increased threats during the holidays, rising bot attacks, and a resurgence in attacks on travel companies. As shoppers fill their online carts, account takeover (ATO) attacks and gift-card fraud remain persistent.
The report shares the top six fraud-fighting trends from the previous 3 months and provides data highlighting that no digital business is immune from attack. Financial industries saw 32 percent more attacks than in the first half of 2021.
Retail and travel attacks increased 63 percent in Q3, and gaming saw a spate of fake new accounts being set up for fraudulent purposes. Media and streaming businesses saw 60 percent of malicious activity targeting logins, and 20 percent of these attacks originating from human fraud farms.
Technology platforms see 91 percent of all attacks powered by bots. Overall, attacks are increasing in every industry, and they are growing more sophisticated.
“As we approach 2022, the frequency and severity of fraud continues to threaten any organization doing business online,” said Arkose Labs CMO Vanita Pandey. “Based on intelligence garnered from the Arkose Labs Network, we predict a 60 percent increase in attacks for the upcoming 2021 holiday shopping season. No digital business is immune to this threat.”
Threats increasing during the holidays
Holiday season is also cybercrime season. Attacks have steadily increased over 2020, becoming more frequent, launching on a larger scale, and initiating with greater sophistication. Digital companies need to understand how fraudsters work and protect the parts of their business that are vulnerable to attack.
It is estimated that eight million attacks will occur daily during the 2021 holiday shopping season that is now underway. As long as fraudulent attacks are profitable for bad actors, companies must be vigilant in their defense.
Travel industry is back in the crosshairs. The world is traveling again, and that means more online bookings through travel sites. The travel sector enjoyed a 40 percent increase in digital traffic, creating the perfect opportunity for attacks, which increased 80 percent from Q2 to Q3 2021.
Digital traffic to U.S. travel sites was hit particularly hard, with 66 percent of those online visits marked as fraud or bot attacks.
Asia leads the globe in attacks. Asia has returned as the top originator of fraud attacks, with China driving nearly half of all attacks in Q3. In comparison, the United States, in second place, accounted for 19.4 percent of attacks.
Bots take center stage. While human fraud attempts are increasing, machine attacks are predicted to hold steady and possibly ramp up during the holiday season. Bots now account for 88 percent of attacks.
In 2020, more than 2 million bot attacks occurred between October and December. This year, the number will likely be even higher, making it all the more important for businesses to increase scrutiny of traffic intended to do harm.
Fraud has a new face. Digital businesses are experiencing a massive surge of fake new accounts. 560 million malicious attempts on registration flows were detected last quarter, which is four times more than at the beginning of the year. These fake accounts open the doors to downstream fraud that directly impacts the bottom line of e-commerce firms.
Credential stuffing continues to plague online businesses. As more customers open digital accounts, account takeover attempts fueled by large-scale credential stuffing soon follow. 3 billion credential stuffing attacks were closed over the past year, nearly doubling over the past 12 months.
In 2020 digital businesses saw 90% higher volume of credential stuffing attacks during the final quarter of the year, over the holiday shopping period.