Over Half of Social Media Logins Are Fraudulent
A report released today by fraud remediators Arkose Labs revealed that it isn’t just the content on social media that’s giving off the foul reek of fakery. The Fraud & Abuse Report found that 53% of all logins on social media sites are fraudulent.
The report, which analyzed more than 1.2 billion transactions made between April 1, 2019, and June 30, 2019, found that 11% of all online transactions, including account registrations, logins and payments, were actually cyber-attacks.
Attacks were found to originate globally, in both wealthy countries and developing economies. The majority of fraud attacks came from the US, Russia, the Philippines, the UK and Indonesia.
Interestingly, the attack mix varied across industries, with some spheres more likely to suffer human-driven cyber-attacks, while others were chiefly targeted by bots.
The technology industry stood out as heavily targeted by human click-farms and sweatshops, with almost 43% of attacks driven by humans. However, it was the retail industry that saw the highest proportion of human culprits, with a 50/50 split between attacks driven by humans and bot-led assaults.
Cyber-criminals were found to use a two-pronged approach, sending humans to work on a target after large-scale automated attacks by bots proved unsuccessful.
Commenting on the report’s findings, the VP of strategy at Arkose Labs, Vanita Pandey, said: “The sophistication of the bot attacks is increasing, and the merchant is getting bombarded with attacks from bots and humans at the same time.
“These criminals have unlimited technology and identities are widely available; the only limited resource is humans to hire to do the attacks.”
Shockingly, 46% of all payment transactions for travel were found to be fraudulent, as were almost 10% of all login attempts on travel sites.
Seasonality played a role in the results for the financial services industry, with a peak in the volume of attacks observed during high-traffic periods, like the US tax season.
Indicating that peaks in the volume of attacks may be useful in helping to identify future breaches, Pandey stated: “We saw an increase in the number of attacks in what we later realized was the lead up to a big breach announcement.”