A Quarter of New Online Accounts Are Fake – Report
There was an 85% year-on-year increase in attacks targeting logins or account creation in 2021 as bot-driven fraud attempts soared, according to Arkose Labs.
The fraud prevention firm analyzed over 150 billion transaction requests across 254 countries across the 12-month period to compile its latest report, The 2022 State of Fraud and Account Security.
It found one in four newly created accounts were fake, one in five logins was an account takeover (ATO) attempt and a fifth (21%) of all traffic was linked to fraud.
ATOs are commonly used to steal personal and financial data or launch phishing attacks. Fraudulent new accounts could be used for “inventory hoarding, content scraping and sending spam and phishing messages,” according to Arkose Labs CEO and founder, Kevin Gosschalk.
“As expected, businesses that hit high-growth periods in 2021 saw an increase in attack. For example, gaming saw sky-high attacks in 2020 but leveled off in 2021, which led to attacks dispersing across other industries,” he told Infosecurity.
“Online media and entertainment continued to grow in popularity, bringing more in-platform spam and scam attacks. Attackers flocked to the travel industry to take advantage of scraping and inventory hoarding opportunities as the world shifted more toward post-pandemic normalcy.”
Driving most of these attacks is the use of intelligent, automated bots. Arkose Labs claimed that today’s bot signatures are three times more complex than those of previous years, making it even harder to discern real human behavior imposters.
Some 86% of attacks in 2021 were linked to bots, while bot-driven credential stuffing attempts peaked at 76 million per week. The Black Friday/Thanksgiving month of November was the worst hit.
The worst attacked sectors in the UK in 2021 were online gaming, accounting for 46% of all attacks, then social networks and online streaming sites, which comprised a third of malicious activity
More Stories
How Confidence Between Teams Impacts Cyber Incident Outcomes
Infosecurity recently joined an Immersive Labs Cyber Drill to experience how organizations can enhance their preparedness through training and simulations...
New MedusaLocker Ransomware Variant Deployed by Threat Actor
Cisco Talos has observed the financially motivated threat actor targeting organizations globally with a MedusaLocker ransomware variant called “BabyLockerKZ” Read...
Sellafield Fined for Cybersecurity Failures at Nuclear Site
A UK court has fined Sellafield Ltd £332,500 for cybersecurity failings related to the running of the Sellafield nuclear facility...
Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”
The UK's Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were...
CRI Releases Guidance on Avoiding Ransomware Payments
The Counter Ransomware Initiative has released new guidance discouraging organizations from making ransomware payments Read More
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations Read More