Researchers found that just over half (53%) of social networking site logins are fraudulent and that 25% of new social media accounts are fraudulent. They studied just over 1 billion social transactions to come to their conclusions.
“Fraudsters are motivated by financial gain and they will continue to deploy malicious techniques as long as there is money to be made. Sometimes fraudsters have to rely on humans to carry out attacks. These attacks cost more, but the value they can extract from the attack makes the investment worthwhile,” said Vanita Pandey, VP Strategy at Arkose Labs. “Developing economies are quickly becoming fraud hubs because they have easy access to sophisticated tools, cheap manual labor and good economic incentives associated with online fraud.”
Other interesting findings from the Q3 Fraud and Abuse Report include:
▪ The largest origin for human and automated attacks is the Philippines, the US is the second largest originator
▪ 59% of attacks originating from China are human driven, 4X higher than the Philippines, the US or Russia
▪ 75% of social media attacks are automated and bot-based
▪ Social logins are 2X more likely to be attacked than account registrations
“[The] risk landscape is quickly becoming increasingly complex because fraudsters have easy access to sophisticated tools and resources. This means that they can tweak their attack patterns as long they remain profitable,” said Kevin Grosschalk, CEO, Arkose Labs. “The extremely high attack rate on social media logins is indicative of the value placed on the data fraudsters extract from compromised social accounts. “Because more than 50% of social media logins are fraud, we know that fraudsters are using large-scale bots to launch attacks on social media platforms with the goal of disseminating spam, stealing information, spreading social propaganda and executing social engineering campaigns targeting trusting consumers.”
Researchers also found that tech companies are especially at risk for being targeted. Fraudsters are using stolen social credentials to create fake tech company accounts. The financial sector is also at risk, with about 9% of total login attempts being fraudulent.