Fraud and scam activity hits all-time high

Bolster published a report which shows an unprecedented level of fraud activity, spurred by the continuing growth of digital commerce, leading to an explosion of companies’ external attack surfaces.

Using data gathered from analyzing more than one billion sites, the 2022 State of Phishing and Online Fraud Report highlights the trends that drove digital scams in 2021. In this, the company’s third year of tracking phishing and scam data, we can see with no uncertainty how the pandemic has impacted, and in fact accelerated, digital adoption and, as a result, cyber fraud.

“As companies accelerate their digital first strategies, bad actors are more active than ever, targeting employees, customers, and company supply chains,” said Shashi Prakash, CTO at Bolster.

“Our data clearly shows that companies need to do more to protect external attack vectors such as malicious sites, social media, and mobile app stores, which many security teams do not regularly monitor or have the expertise to remediate.”

Global fraud and scam activity is at an all-time high, and the growth is expected to continue into 2022. The digital-first strategy has also expanded the number of attack vectors criminals can target, including websites, social media, marketplaces and mobile app stores.

Fraud and scam activity trends

• Accelerated growth in online fraud globally. In 2021, the total number of phishing and counterfeit pages increased 1.5X over 2020 to a total of more than 10.5 million — and it continues to grow in 2022.
• Threats soar on a daily basis. The average number of phishing and counterfeit pages detected per day in 2021 increased to over 29,000, up from 19,000 per day in 2020.
• Fraudsters capitalize on explosive growth of digital-based services. Phishing and scam attacks more than quadrupled for the SaaS, Communications, Gaming, and Streaming industries—all of which experienced an uptick in adoption resulting from both work-from-home and stay-at-home conditions.
• External attack surface has no geographic boundaries. Fraudulent activity also grew in scope in 2021 as the top countries hosting malicious sites expanded. The United States, Russia, Germany, and Netherlands made both lists but were accompanied by an additional six countries in 2021 versus just one in 2020.

Against this backdrop it’s critical for online businesses to adopt modern brand protection practices. Businesses must not only address an ever-expanding external attack surface rife with fraud, but they need to do so at the speed and scale that threat actors now operate. Many are turning to their InfoSec teams to head up brand protection initiatives, armed with AI and automation technologies to properly fight scale with scale.