Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/26/2019
04:25 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

More Than Half of Social Media Login Attempts Are Fraud

Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.

Login attempts make up three of every four digital transactions a business has with its customers. Unfortunately for today's increasingly digital organizations, not all user logins are authentic – in fact, across many industries, it's more likely a login attempt is fake.

For its Q3 Fraud and Abuse Report, released today, Arkose Labs analyzed 1.2 billion user transactions conducted between April 1 and Jun. 30, 2019 to gain a sense of the fraud and risk landscape. These sessions span account registrations, logins, and payments from companies in the financial services, ecommerce, travel, social media, gaming, and entertainment industries.

The company discovered a mix of automated and human-driven fraud targeting business transactions across industries. Eleven percent of sessions are attacks, Arkose Labs reports, but the type of fraud and how it's conducted vary based on time of day, industry, and geography.

Consider the tech space, where according to the report, fake login attempts make up 78.7% of fraud instances and account registrations make up the rest (21.2%). Most tech companies offer a "freemium" model with quick onboarding for users, which appeal to attackers looking to test stolen credentials or create fake accounts. Nearly 43% of all attacks on tech companies are human-driven.

Social media is another hotspot for fraud. Fake login attempts make up 89.5% of social media fraud instances, and fake account registrations make up 10.5%, explaining why automated attacks are so common. The popularity of account takeover stems from attackers' motivation to steal personal data, the report states, and 53.3% of all social media login attempts are fraud.

Payments are more likely to be targeted in retail and travel. Automated bots aim to block inventory, a tactic that may lead to denial of inventory attacks or higher prices on tickets. Fraudsters are also after data: by taking over actual user accounts they can access individuals' targeted recommendations, discounts, and personal information.

On a geographical level, the top originators for fraud attacks are the United States, Russia, Philippines, UK, and Indonesia. The Philippines is the single largest attack originator for both automated and human-driven fraud. China mostly relies on human-driven fraud attacks.

Man vs. Machine: Use of Human-Driven Fraud

Attack patterns evolve as businesses deploy new mitigations. When companies find a new tool to detect large-scale automated attacks, unsuccessful fraudsters shift to new, trained bot attacks. As mitigations are released for those, they are turning to human-driven attacks. A growing number of "click farms" or sweatshops employ low-paid people to attempt fraudulent transactions, write fake reviews, or create new accounts using stolen or fake credentials.

Automated attacks comprise the bulk of fraud traffic: it's easiest to automate login attempts, which are fairly straightforward and make up 78.9% of fraud instances. In comparison, account registrations make up 14.8% of fraud attempts, and payments make up 6.3%.

"Those attacks can be carried out by these automated systems," Arkose Labs' vice president of strategy Vanita Pandey says of account takeover. "But then there are areas where human intervention is required." Writing reviews, opening bank accounts, or signing up for a dating app are examples.

Human-driven attacks, while more expensive, may also lead to greater gain. Unlike bot traffic, human behavior is unpredictable and highly nuanced; for this reason, payment fraud and fake account creation are more likely to be done by people. Arkose Labs found nearly one-third of account registration attacks are from malicious humans; both individuals and organized fraud.

Most human-driven attacks are seen in retail, finance, and technology, where person-to-person interaction is typically required; for example, 53% of account registration attacks against tech companies are done by people. This type of activity also varies by time of day: while the digital economy means fraudsters can strike at any time, most human-driven attacks aim to align with the targeted time zone's business hours so as to appear legitimate. This is why human-driven attacks are more popular in the retail industry than any other, researchers report.

Fraudsters target both mobile and desktop traffic, which make up 30.9% and 69.1% of fraudulent traffic, respectively. This also varies by industry. Mobile is hot in social media and retail; in the gaming space, much of fraud traffic comes from consoles. Finance and tech traffic primarily comes from desktop machines, likely due to their larger screen size.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'Culture Eats Policy for Breakfast': Rethinking Security Awareness Training."

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Tor Weaponized to Steal Bitcoin
Dark Reading Staff 10/18/2019
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
State of SMB Insecurity by the Numbers
Ericka Chickowski, Contributing Writer,  10/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18387
PUBLISHED: 2019-10-23
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details.
CVE-2019-18212
PUBLISHED: 2019-10-23
XMLLanguageService.java in XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows a remote attacker to write to arbitrary files via Directory Traversal.
CVE-2019-18213
PUBLISHED: 2019-10-23
XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response cap...
CVE-2019-18384
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An authenticated remote non-administrative user can read unauthorized shared files, as demonstrated by the filename=*public*%25252Fadmin_OnlyRead.txt substring.
CVE-2019-18385
PUBLISHED: 2019-10-23
An issue was discovered on TerraMaster FS-210 4.0.19 devices. An unauthenticated attacker can download log files via the include/makecvs.php?Event= substring.