Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/26/2019
04:25 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

More Than Half of Social Media Login Attempts Are Fraud

Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.

Login attempts make up three of every four digital transactions a business has with its customers. Unfortunately for today's increasingly digital organizations, not all user logins are authentic – in fact, across many industries, it's more likely a login attempt is fake.

For its Q3 Fraud and Abuse Report, released today, Arkose Labs analyzed 1.2 billion user transactions conducted between April 1 and Jun. 30, 2019 to gain a sense of the fraud and risk landscape. These sessions span account registrations, logins, and payments from companies in the financial services, ecommerce, travel, social media, gaming, and entertainment industries.

The company discovered a mix of automated and human-driven fraud targeting business transactions across industries. Eleven percent of sessions are attacks, Arkose Labs reports, but the type of fraud and how it's conducted vary based on time of day, industry, and geography.

Consider the tech space, where according to the report, fake login attempts make up 78.7% of fraud instances and account registrations make up the rest (21.2%). Most tech companies offer a "freemium" model with quick onboarding for users, which appeal to attackers looking to test stolen credentials or create fake accounts. Nearly 43% of all attacks on tech companies are human-driven.

Social media is another hotspot for fraud. Fake login attempts make up 89.5% of social media fraud instances, and fake account registrations make up 10.5%, explaining why automated attacks are so common. The popularity of account takeover stems from attackers' motivation to steal personal data, the report states, and 53.3% of all social media login attempts are fraud.

Payments are more likely to be targeted in retail and travel. Automated bots aim to block inventory, a tactic that may lead to denial of inventory attacks or higher prices on tickets. Fraudsters are also after data: by taking over actual user accounts they can access individuals' targeted recommendations, discounts, and personal information.

On a geographical level, the top originators for fraud attacks are the United States, Russia, Philippines, UK, and Indonesia. The Philippines is the single largest attack originator for both automated and human-driven fraud. China mostly relies on human-driven fraud attacks.

Man vs. Machine: Use of Human-Driven Fraud

Attack patterns evolve as businesses deploy new mitigations. When companies find a new tool to detect large-scale automated attacks, unsuccessful fraudsters shift to new, trained bot attacks. As mitigations are released for those, they are turning to human-driven attacks. A growing number of "click farms" or sweatshops employ low-paid people to attempt fraudulent transactions, write fake reviews, or create new accounts using stolen or fake credentials.

Automated attacks comprise the bulk of fraud traffic: it's easiest to automate login attempts, which are fairly straightforward and make up 78.9% of fraud instances. In comparison, account registrations make up 14.8% of fraud attempts, and payments make up 6.3%.

"Those attacks can be carried out by these automated systems," Arkose Labs' vice president of strategy Vanita Pandey says of account takeover. "But then there are areas where human intervention is required." Writing reviews, opening bank accounts, or signing up for a dating app are examples.

Human-driven attacks, while more expensive, may also lead to greater gain. Unlike bot traffic, human behavior is unpredictable and highly nuanced; for this reason, payment fraud and fake account creation are more likely to be done by people. Arkose Labs found nearly one-third of account registration attacks are from malicious humans; both individuals and organized fraud.

Most human-driven attacks are seen in retail, finance, and technology, where person-to-person interaction is typically required; for example, 53% of account registration attacks against tech companies are done by people. This type of activity also varies by time of day: while the digital economy means fraudsters can strike at any time, most human-driven attacks aim to align with the targeted time zone's business hours so as to appear legitimate. This is why human-driven attacks are more popular in the retail industry than any other, researchers report.

Fraudsters target both mobile and desktop traffic, which make up 30.9% and 69.1% of fraudulent traffic, respectively. This also varies by industry. Mobile is hot in social media and retail; in the gaming space, much of fraud traffic comes from consoles. Finance and tech traffic primarily comes from desktop machines, likely due to their larger screen size.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'Culture Eats Policy for Breakfast': Rethinking Security Awareness Training."

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
What the FedEx Logo Taught Me About Cybersecurity
Matt Shea, Head of Federal @ MixMode,  6/4/2021
Edge-DRsplash-10-edge-articles
A View From Inside a Deception
Sara Peters, Senior Editor at Dark Reading,  6/2/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-23394
PUBLISHED: 2021-06-13
The package studio-42/elfinder before 2.1.58 are vulnerable to Remote Code Execution (RCE) via execution of PHP code in a .phar file. NOTE: This only applies if the server parses .phar files as PHP.
CVE-2021-34682
PUBLISHED: 2021-06-12
Receita Federal IRPF 2021 1.7 allows a man-in-the-middle attack against the update feature.
CVE-2021-31811
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-31812
PUBLISHED: 2021-06-12
In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior 2.0.x versions.
CVE-2021-32552
PUBLISHED: 2021-06-12
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-16 package apport hooks, it could expose private data to other local users.