By Lizzie Clithroe, Director of Product Marketing at Arkose Labs
With continued worldwide restrictions on face-to-face interactions, the COVID-19 health crisis is proving to be a major driver of digital transformation across various industries. More and more of our daily activities are taking place online and normal consumer behavior is changing at an unprecedented pace.
With digital transactions on the rise, organized fraud operations have been quick to target spikes in online activity. In fact, in the first quarter of 2020, my company’s network recorded the highest attack rate ever seen. After analyzing digital traffic across the financial services, ecommerce, travel, social media, gaming and entertainment sectors, we found that 26.5% of all transactions were fraud and abuse attempts — a 20% increase over the previous quarter.
Recognizing good consumer behavior is central to protecting against fraud and delivering a secure online experience. Equally important in defending the digital economy is becoming well-versed in the latest pandemic-related fraud techniques and evolving attack patterns.
Fraudsters Shifting to a Work From Home Model
The cybercrime ecosystem is proving to be exceptionally nimble, adapting instantly to socio-economic circumstances by modifying its attack methods. For instance, earlier in the quarter, there was a sharp decline in human-driven attacks originating from ‘sweatshop’ resources, i.e. large groups of low-paid workers who carry out attacks or make malicious transactions on fraudsters’ behalf. This decline can be attributed to early, pandemic-induced lockdowns in traditional fraud hubs within Asia.
Once lockdowns were in full force across much of the globe, major spikes in fraudulent activity were largely driven by automation. With automated attacks easy to scale up quickly, fraudsters were able to quickly capitalize on the changing digital landscape. Localized pockets of sweatshop-driven activity also indicate that economic hardships resulting from COVID-19 will lead to new fraud hubs emerging. For example, my company detected a sharp spike in human-driven fraud originating from Italy and Peru immediately after lockdowns were announced.
Top Targeted Industries During COVID-19
Changes in consumer behavior due to the pandemic have varied significantly across industries, and unsurprisingly, fraudsters have shifted their focus accordingly. For example, we found that attack rates doubled in the retail sector, with increasingly intense fraud attempts targeting ecommerce providers.
With many schools and workplaces temporarily closed down, online gaming has surged in popularity. However a recent 30% rise in gaming traffic has also resulted in a 23% increase in attack rates. Attacks on technology platforms have also risen as a result of COVID-19. With both personal and professional collaboration and communication shifting online, attacks on such platforms have risen by 16%. Additionally, we found that savvy fraudsters looking to blend in with this traffic ramped up their attacks by 25% on new account registrations.
Top 5 Fraud Predictions
Without a doubt, the impact of COVID-19 on the digital economy will only continue to evolve over the coming months. Attempting to anticipate future changes in such a tumultuous environment can feel impossible, however the following trends are likely to arise based on the fraud patterns we’ve analyzed thus far:
1. There will be a continued, dramatic rise in attacks as fraudsters take advantage of economic uncertainty and new individuals are pushed into cybercrime due to high unemployment rates.
2. Automation will drive the bulk of the increase in fraud as low-skill fraudsters new to the game take advantage of online tutorials and user-friendly, inexpensive fraud toolkits.
3. There will be a wider pool of ‘sweatshop’ labor available due to a move away from traditional fraud hubs and a shift toward a more distributed model of ‘guns for hire’ across the globe.
4. New attack vectors will emerge as opportunistic fraudsters widen their reach amidst the pandemic.
5. There will be an exploitation of vulnerable individuals with a spike in social engineering and phishing scams targeting new users within the digital economy.
Detecting Fraud Early in the Customer Lifecycle is Paramount
Just as the corporate world has been forced to adjust to working from home, so too has the world of organized fraud by tapping into an increasingly distributed network of resources to carry out attacks. As the upheaval of the pandemic continues to impact different regions and demographics, the intensity of fraud and abuse attacks will continue to rise.
It is therefore more important than ever to detect and stop fraud early in the customer lifecycle with proactive measures that assess and test traffic based on true intent — without putting onerous authentication steps into place that deter trusted users. As the COVID-19 crisis continues to unfold, fraudsters will be exploiting any and every avenue to monetization. As businesses move more of their revenue-generating activity online, it is vital that they have robust monitoring and real-time remediation of account takeovers, fake account creations, fraudulent payments, and spam and abuse attacks in their many forms.
About the Author
Lizzie Clitheroe is a cybersecurity specialist, heading up Arkose Labs’ product marketing team. In this role she delivers data-driven insights into fraud, abuse and authentication trends. 9+ years’ experience working for fast-growth security vendors spanning fraud prevention, network security and application security.