Arkose Labs’ 2022 State of Fraud and Account Security Report Shows Online Fraud Increased 85% Year Over Year
Latest data from Arkose Labs Global Network reveals an alarming 21% of all traffic in 2021 was an attack
Arkose Labs, the global leader in fraud deterrence and account security, released new data on the latest online fraud trends, revealing record increases in attacks across multiple sectors. The company’s 2022 State of Fraud and Account Security report uncovers the top six fraud-fighting trends from 2021 and provides data that emphasizes no digital business is immune from attack. Malicious bots, human attacks and the rise of “Master Fraudsters” have created a disruptive and vulnerable environment, making online fraud deterrence even more critical for businesses.
“The increase in frequency and severity of fraud was higher in 2021 than any other year we’ve monitored, which is especially jarring considering how extraordinary the 2020 numbers were,” said Vanita Pandey, chief marketing officer for Arkose Labs. “The Arkose Labs Global Network’s most recent threat intelligence shows an eye-opening 21% of all online traffic was an attack, with nearly every industry seeing a sharp increase in every type of attack. As fraudsters become more sophisticated, we must outpace their efforts and continue to provide the best-in-class solutions to keep consumers’ online accounts secure.”
Marketing Technology News: MarTech Interview with Nikhil Behl, CMO at FICO
Highlights from the report include:
- Account security became paramount in 2021 – Attackers jumped at the opportunity to monetize their efforts by targeting login and registration points at scale. Login and fake account attacks increased 85% year-over-year and every fifth login attempt was an account takeover (ATO). Additionally, one in four new account registrations was fake, with fake accounts more than doubling (2.5x) in 2021 compared to the year prior. Credential stuffing also saw a dramatic increase in 2021, accounting for 4% of traffic and 80% of login attacks.
- Attackers followed consumer engagement across industries – As industries continued to embrace a new digital norm, attackers capitalized on areas of high consumer engagement. Five out of the six industries Arkose Labs analyzed experienced increased attack probability in 2021, with travel and entertainment sites seeing the biggest impacts. Attackers specifically preyed on the resurgence in travel with scraping attacks, compromising a massive 45% of traffic on travel sites. The report further details industry-specific trends for gaming, media and entertainment, financial services, tech, travel and retail.
- Attacks are more volatile than ever – A single attack can consume nearly 80% of traffic, and in 2021, credential stuffing spikes hit up to 76 million per week. Attack rates doubled during peak season in November, making it the most dangerous month in 2021. Bots were used almost exclusively during this time period, which is increasingly known as “Black November,” due to its unparalleled volume of cyberattacks. Still, these high-velocity attacks overwhelm servers and fraud and security teams, regardless of season, and businesses must be adaptable to mitigate damages.
- The intelligent bot revolution is in full play – Bots mimic human behavior with a high degree of accuracy, accounting for 86% of all attacks. Automated attack and evasion orchestration includes combinations of sophisticated measures including stolen and synthetic credentials, CAPTCHA solving, human fraud farms, device spoofing, IP spoofing and hijacking and attack scripts. Today’s bot signatures are three times more complex than signatures of previous years, challenging fraud and security teams with triple the values to analyze in an average bot signature. This level of intelligent planning makes it more difficult to assess risk and make accurate decisions. Businesses require even more sophisticated analysis to detect anomalies and prevent loss.
- Metaverse companies are more likely to be targeted by “Master Fraudsters” – The rise of virtual worlds creates new attack opportunities for bad actors. Insights from the Arkose Labs Global Network show scams, microtransaction abuse, and unfair play are top threats in a metaverse world. These companies experienced 80% more bot attacks and 40% more human attacks than other businesses. “Master Fraudsters” attack their targets by scripting together multiple tools with intense persistence. They combine bots and fraud farms, and invest large amounts of capital, creating virulent attacks. Master Fraudsters’ top attack patterns to disrupt fair commerce include microtransaction fraud, spam and scams.
- Asia leads the world in perpetrating attacks – In prior years, Russia consistently topped the list of attacking countries. While attacks out of Russia are still prevalent, attackers from Asia took the top spot in 2021, with 40% of all attacks coming from this region. More specifically, one of every two Asian attacks originated in China. Leveraging an ecosystem of tools and low-cost resources, two-thirds of Chinese attacks targeted registration, primarily driven by abusing free trials for crypto mining.
Marketing Technology News: Arkose Labs Recognized as Winter 2022 G2 Leader in Fraud Detection
The report highlights the need for companies to have increased awareness and diligence when it comes to thwarting cybercrime. Today, Arkose Labs provides support for some of the world’s most recognized brands and platforms including Honey, LinkedIn, Microsoft, PayPal, Pitney Bowes, Roblox, Venmo and Zilch. Arkose Labs covers industries such as financial services, fintech, gaming, retail, technology and social media and represents more than 1 billion social media users, 60% of online video gamers and 40% of all retail volume.
“From the earliest days of online information to the rapid evolution of today’s metaverses, the internet has come a long way,” said Pandey. “It’s imperative that companies protect their online platforms and their consumers from malicious activities.” She concluded, “We have the ability to do this today, and our approach is making it more difficult and less lucrative for attackers to conduct fraudulent activity.”