According to the Arkose data of the 30% increase is digital fraud, 70% were from bot-driven account registrations. Those fraudulent accounts are used, in many cases, by cybercriminals to ‘test’ stolen credentials from consumers. Some also use fraudulent accounts to try to get into the data mines of big corporations. Account registrations are not the most-attacked consumer touchpoint.
“One thing is clear: the way fraudsters are weaponizing compromised data from recent high-profile breaches highlights the deep connectivity of the global cybercrime ecosystem that goes way beyond selling stolen data or knowledge sharing. One attack is a precursor to another attack, and they can be in two different industries, across two different geographies,” said Kevin Gosschalk, CEO of Arkose Labs.
“As we head into the holiday season, customer acquisition is top of mind for retailers. Fraudsters know this and will exploit the pressure companies are under to open new accounts and maximize conversion rates,.”
Other interesting data from The Q4 Fraud and Abuse Report out from Arkose include:
▪ More fraudsters are testing consumer credentials for social networks, tech websites, and gaming website in their search for identities to exploit
▪ During Q3 experts saw a 30% increase (QoQ) in account takeover attacks in retail
▪ 81% of retail takeover attacks were for fraudulent payment transactions
“Identity is the new global currency, which explains why fraudsters are prioritizing valuable resources to test and validate identities across disparate industries,” said Vanita Pandey, VP of Strategy at Arkose Labs. “As we enter the next stage of the post-breach era, when identities have been compromised en masse and fraudsters have access to behavioral information on consumers through hacked accounts, it has never been more difficult to validate digital identity. Intelligent step-up challenges can be the missing link to clarify whether an online identity has been corrupted by fraudster or is being exploited by organized sweatshop activity.”
Researchers also saw an increase is human-driven fraud, meaning those attacks perpetrated by a single person rather than a bot-farm or sweatshop. These attacks increased about 33% Q0Q; researchers also found that about 1 in 3 attacks on financial institutions like banks are human-driven.