Human-driven fraud, where malicious humans engage in fraudulent activities, doubled in volume during Q1 2021 over the previous quarter. Technology platforms and media companies were the worst affected by human-driven fraud at 40% and 32%, respectively.
It is estimated that businesses globally lost nearly $42 billion to fraud in 2020, and these costs continue to increase every year. Fraudsters are in the business of making money and they continue to innovate and deploy tools and strategies with ever-increasing sophistication.
They marshal their resources and deploy bots, fraud farms, or a combination of the two, to maximize profits with the least possible investments.
Human-driven fraud volumes doubled in Q1 2021
In Q1 2021, human-driven fraud volumes doubled from Q4 2020. These attacks are generally carried out by fraud farms, which are organised operations of workers deployed to attack at scale and circumvent anti-bot defences.
An increase in human-driven fraud in Q1 2021, therefore, indicates the continuing importance of fraud farms in executing complex attacks. It also shines the spotlight on the relevance of so-called cyborg attacks where fraudsters deploy a mix of bots and fraud farms to successfully execute attacks.
Technology platforms witnessed a noticeable spike (40%) in human-driven fraud, especially in the new account creation flow. Fraudsters created fake new accounts on cloud storage and collaboration platforms to get free promotional server time, which was abused to mine bitcoin or other cryptocurrencies.
Human-driven fraud on media companies – encompassing dating, social, and streaming platforms – rose 32% with a drastic increase in fake new account creation. These fake new accounts are often used for romance scams on dating platforms and to send phishing messages on social media sites.
There was also a spike in human-driven payment attacks on retail companies in Q1 2021.
Most human-driven fraud attacks originated in North America
The majority (38%) of human-driven fraud in Q1 2021 emanated from North America, primarily due to the attacks on social media platforms. Malicious humans abused these platforms to send phishing messages and links to unsuspecting users to place malware on their devices or extract personal information that could be resold later.
Human-driven fraud finds a supplement in the new face of fraud
In addition to human-driven fraud executed through fraud farms, there is an emerging new face of human-driven fraud. This includes people who dabbled in fraud because of financial hardship during lockdowns, but found it profitable and have continued with it instead of returning to their legitimate work.
This new segment of fraudsters, which usually engages in activities like posting fake reviews, disseminating fake information on social media, and creating new fraudulent accounts for bonus abuse, is becoming difficult to detect and stop because its members are regular users who have now begun engaging in fraud.
Further, fraudsters are hijacking Border Gateway Protocol (BGP) routes to take over legitimate IPs and launch DDoS attacks on websites, or to spoof IPs so that their traffic appears to be good traffic and fools fraud defence measures.
Fraud decisioning that relies on IPs can take a beating as signals increasingly fall in the gray area, making it difficult for businesses to accurately distinguish bad actors from good users.
As human-driven fraud, supplemented by people who refuse to give up on fraudulent activities, continues to increase, it becomes imperative for businesses to adopt a fraud defence approach that fortifies vigilance at the entry gates. When fraudsters are unable to sneak into the business network, they cannot exploit the business or its users.
The post The new face of fraud is supplementing human-driven fraud appeared first on Payments Cards & Mobile.