Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

8/26/2019
04:25 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

More Than Half of Social Media Login Attempts Are Fraud

Overall, account registrations for tech companies are four times more likely to be malicious than legitimate, a new report states.

Login attempts make up three of every four digital transactions a business has with its customers. Unfortunately for today's increasingly digital organizations, not all user logins are authentic – in fact, across many industries, it's more likely a login attempt is fake.

For its Q3 Fraud and Abuse Report, released today, Arkose Labs analyzed 1.2 billion user transactions conducted between April 1 and Jun. 30, 2019 to gain a sense of the fraud and risk landscape. These sessions span account registrations, logins, and payments from companies in the financial services, ecommerce, travel, social media, gaming, and entertainment industries.

The company discovered a mix of automated and human-driven fraud targeting business transactions across industries. Eleven percent of sessions are attacks, Arkose Labs reports, but the type of fraud and how it's conducted vary based on time of day, industry, and geography.

Consider the tech space, where according to the report, fake login attempts make up 78.7% of fraud instances and account registrations make up the rest (21.2%). Most tech companies offer a "freemium" model with quick onboarding for users, which appeal to attackers looking to test stolen credentials or create fake accounts. Nearly 43% of all attacks on tech companies are human-driven.

Social media is another hotspot for fraud. Fake login attempts make up 89.5% of social media fraud instances, and fake account registrations make up 10.5%, explaining why automated attacks are so common. The popularity of account takeover stems from attackers' motivation to steal personal data, the report states, and 53.3% of all social media login attempts are fraud.

Payments are more likely to be targeted in retail and travel. Automated bots aim to block inventory, a tactic that may lead to denial of inventory attacks or higher prices on tickets. Fraudsters are also after data: by taking over actual user accounts they can access individuals' targeted recommendations, discounts, and personal information.

On a geographical level, the top originators for fraud attacks are the United States, Russia, Philippines, UK, and Indonesia. The Philippines is the single largest attack originator for both automated and human-driven fraud. China mostly relies on human-driven fraud attacks.

Man vs. Machine: Use of Human-Driven Fraud

Attack patterns evolve as businesses deploy new mitigations. When companies find a new tool to detect large-scale automated attacks, unsuccessful fraudsters shift to new, trained bot attacks. As mitigations are released for those, they are turning to human-driven attacks. A growing number of "click farms" or sweatshops employ low-paid people to attempt fraudulent transactions, write fake reviews, or create new accounts using stolen or fake credentials.

Automated attacks comprise the bulk of fraud traffic: it's easiest to automate login attempts, which are fairly straightforward and make up 78.9% of fraud instances. In comparison, account registrations make up 14.8% of fraud attempts, and payments make up 6.3%.

"Those attacks can be carried out by these automated systems," Arkose Labs' vice president of strategy Vanita Pandey says of account takeover. "But then there are areas where human intervention is required." Writing reviews, opening bank accounts, or signing up for a dating app are examples.

Human-driven attacks, while more expensive, may also lead to greater gain. Unlike bot traffic, human behavior is unpredictable and highly nuanced; for this reason, payment fraud and fake account creation are more likely to be done by people. Arkose Labs found nearly one-third of account registration attacks are from malicious humans; both individuals and organized fraud.

Most human-driven attacks are seen in retail, finance, and technology, where person-to-person interaction is typically required; for example, 53% of account registration attacks against tech companies are done by people. This type of activity also varies by time of day: while the digital economy means fraudsters can strike at any time, most human-driven attacks aim to align with the targeted time zone's business hours so as to appear legitimate. This is why human-driven attacks are more popular in the retail industry than any other, researchers report.

Fraudsters target both mobile and desktop traffic, which make up 30.9% and 69.1% of fraudulent traffic, respectively. This also varies by industry. Mobile is hot in social media and retail; in the gaming space, much of fraud traffic comes from consoles. Finance and tech traffic primarily comes from desktop machines, likely due to their larger screen size.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "'Culture Eats Policy for Breakfast': Rethinking Security Awareness Training."

 

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.