There was an 85% year-on-year increase in attacks targeting logins or account creation in 2021 as bot-driven fraud attempts soared, according to Arkose Labs.

The fraud prevention firm analyzed over 150 billion transaction requests across 254 countries across the 12-month period to compile its latest report, The 2022 State of Fraud and Account Security.

It found one in four newly created accounts were fake, one in five logins was an account takeover (ATO) attempt and a fifth (21%) of all traffic was linked to fraud.

ATOs are commonly used to steal personal and financial data or launch phishing attacks. Fraudulent new accounts could be used for “inventory hoarding, content scraping and sending spam and phishing messages,” according to Arkose Labs CEO and founder, Kevin Gosschalk.

“As expected, businesses that hit high-growth periods in 2021 saw an increase in attack. For example, gaming saw sky-high attacks in 2020 but leveled off in 2021, which led to attacks dispersing across other industries,” he told Infosecurity.

“Online media and entertainment continued to grow in popularity, bringing more in-platform spam and scam attacks. Attackers flocked to the travel industry to take advantage of scraping and inventory hoarding opportunities as the world shifted more toward post-pandemic normalcy.”

Driving most of these attacks is the use of intelligent, automated bots. Arkose Labs claimed that today’s bot signatures are three times more complex than those of previous years, making it even harder to discern real human behavior imposters.

Some 86% of attacks in 2021 were linked to bots, while bot-driven credential stuffing attempts peaked at 76 million per week. The Black Friday/Thanksgiving month of November was the worst hit.

The worst attacked sectors in the UK in 2021 were online gaming, accounting for 46% of all attacks, then social networks and online streaming sites, which comprised a third of malicious activity