A recent report on online fraud and abuse revealed that more than half of the login attempts on social media are made by scammers. The data also named the Philippines as the world’s single biggest attack originator for both automated and human-driven attack.
The report, published by the cybersecurity firm, Arkose Labs, entitled Q3 Fraud and Abuse Report, uncovered that more than fifty percent of login attempts in social media is carried out by malicious actors who want to monetize on user data or to perform other forms of attack.
The study showed that 53% of logins on social media sites are fraudulent, and 25% of all new account applications on social media are intended for scamming purposes.
The Arkose Labs Q3 Fraud and Abuse Report analyzed over 1.2 billion transactions spanning account registrations, logins, and payments from financial services, e-commerce, travel, social media, gaming and entertainment industries, in real-time, to provide insights on the evolving threat landscape. The report covers the third quarter of 2019 between April 1, 2019, to June 30, 2019.
“We are in an era where online identity, intent, business, metrics, and content can all be faked. This can have serious security and ﬁnancial repercussions for any business with an online presence, especially as they try to balance risk management with the delivery of exceptional customer experience,” said Kevin Gosschalk, CEO of Arkose Labs.
“Meanwhile, the risk landscape is quickly becoming increasingly complex because fraudsters have easy access to sophisticated tools and resources. This means that they can tweak their attack patterns as long as they remain profitable.”
Arkose Labs revealed that as social media becomes a daily staple for everyone, it becomes a more lucrative vehicle for criminal elements to exploit in order to gain profit or to disrupt peace and order. They said that takeover attacks, to fraudulent account creation attacks, spam and abuse are prevalent in social media in both bots-initiated manner and those that are driven by malicious human actions. The researchers said that around 75% of the attacks on social media they have seen in the last quarter are bot-initiated.
“The extremely high attack rate on social media logins is indicative of the value placed on the data fraudsters extract from compromised social accounts,” said Gosschalk. “Because more than 50% of social media logins are fraud, we know that fraudsters are using large-scale bots to launch attacks on social media platforms with the goal of disseminating spam, stealing information, spreading social propaganda and executing social engineering campaigns targeting trusting consumers.”
The Philippines is the top originator of attacks
Cyber attacks come from different parts of the world. However, according to the report, the Philippines is the single biggest attack originator for both automated and human-driven attacks and the U.S. a distant second. Other top originators are Russia, the U.K., and Indonesia.
However, they also said that most of the human-driven attacks originated from China. The number of attacks from the Chinese (59%) equals more than four times the human-driven attack counts in the U.S., Philippines, and Indonesia.
“Fraudsters are motivated by financial gain, and they will continue to deploy malicious techniques as long as there is money to be made. Sometimes fraudsters have to rely on humans to carry out attacks. These attacks cost more, but the value they can extract from the attack makes the investment worthwhile,” said Vanita Pandey, VP Strategy at Arkose Labs. “Developing economies are quickly becoming fraud hubs because they have easy access to sophisticated tools, cheap manual labor, and good economic incentives associated with online fraud.”
Cybercrimes costs will surpass the cost of natural disasters
The researchers estimate that by 2021, cybercrime will cost the global economy more than $6 trillion in damages. This amount is larger than the cost of damages through natural disasters and the cost of the global drug trade.
Moreover, according to the report, tech companies are the biggest targets of human-driven frauds and cyber attacks. Click-farms and sweatshops, which employ a large group of low-paid workers hired speciﬁcally to make fraudulent transactions or create fake accounts, are targeting tech companies at an alarming rate or 43%.
Technology companies who offer a ‘freemium’ model with quick, frictionless onboarding for new customers are attractive targets for fraudsters looking to test stolen credentials or create fake accounts to access the services,” said Pandey. “2019 is tracking to be a record year for data breaches and all of the recent tech breaches are providing fraudsters with refreshed access to new information. As we head into the holiday season, it is clear that businesses will experience the impact in terms of new fraud attacks.”