The disruption to economic activity in the aftermath of COVID-19 has resulted in a rapidly evolving digital commerce landscape. Businesses and consumers have been forced to go digital in response to global lockdowns. This deluge of consumers accessing digital channels has increased the pressures on businesses and incentive levels for aspiring fraudsters. This led to a significant spike in fraud in Q2 2020.
Recommended Download: Q3 2020 Fraud and Abuse Report
A rise in human-driven fraud in Q2 2020
A key trend gleaned from our analysis into real user sessions was in the human versus bot attack mix across industries. In Q1 2020, there was a barrage of bot attacks that constituted 74% of all attacks. In Q2, however, fraudsters switched over to using sweatshops to effect human-driven fraud. 41% of attacks were human-driven, which was the highest proportion recorded in the last twelve months. This did vary by industry, however. For example, fraudsters did not use human resources extensively in the travel sector, as it experienced a massive drop in consumer activity. On the other hand, the retail sector saw the highest human-driven attack rate.
Industry-specific highlights
The worst-hit industries from fraud and abuse attacks in Q2 2020 were gaming and retail. This is understandable as online gaming became a popular pastime in the absence of offline entertainment channels, and e-commerce soared with lockdowns restricting movement. Fraudsters are quick to spot these trends and target businesses at times of high traffic, attempting to blend in with good users.
Industry findings in the Q3 2020 Fraud and Abuse Report:
- Online Gaming: Staying at home, people turned to online gaming for entertainment. With the surge in genuine users, the sector also became the prime target for fraudsters. It registered a whopping 65 attacks per second. The most attacked touchpoint in Q2 2020 was logins, which rose 22% over the previous quarter. The sector also saw a surge in human-driven attacks in Q2 at 41%. Our analysis reveals that in-game abuse attacks—using click farms and bots to farm gold, loot items, or carry out repetitive actions to generate assets—rose 60% in 1H 2020 when compared with 2H 2019.
- Finance and Fintech: After an initial dip in April 2020, the attack levels on financial institutions in the Arkose Labs network rose notably in Q2 2020. These attacks were primarily human-driven and focused on application fraud.
- Retail and Travel: Responding to the situation created due to COVID-19, many retail businesses had to hastily incorporate e-commerce. New entrants into ecommerce are particularly vulnerable to fraud. In Q2 2020, one in five attacks targeting e-commerce sites were human-driven.
- Technology Platforms: Lockdowns and social distancing have meant work, education, socializing, and entertainment have gone digital. As a result, the technology industry was at the receiving end of targeted attacks. Human-driven fraud in Q2 2020 rose 57% while mobile attacks increased to 27%.
- Media: Digital media, streaming, and social media companies experienced high mobile traffic, which explains the elevated mobile attacks on these companies. 39% of the attacks on media companies were on mobile transactions—higher than any other industry. In Q2 2020, mobile attacks rose 31.5% compared to the previous quarter.
Top attack originators
In terms of attack origination, we were surprised to find the US, Germany, Russia, Canada, the Netherlands, and Israel emerge as the top attacking nations. In Q2 2020, well-established economies took over from the developing economies that have traditionally been the fraud hubs. This indicates the adaptability of the fraud ecosystem and its ability to quickly mobilize and take advantage of the changing economic circumstances.
Going in-depth into the regional attack patterns, our report revealed that Europe was responsible for the most fraud and abuse in Q2 2020, accounting for 47% of all global attacks, followed by North America at 32%.
Fraud and abuse prevention strategies for 2020
The “quarantine quarter” of Q2 2020 has brought upheaval for businesses at large. Further, businesses are operating in a highly hostile attack landscape with fraud trends only indicating an upswing in attack volumes. Therefore, businesses need robust defense mechanisms to overcome these heightened threats. They need to go beyond purely data-driven fraud defenses, to challenge high-risk traffic and traffic which falls into a gray area between 'good' or 'bad'.
Arkose Labs goes beyond risk scores, behavioral analysis, and mitigation, to combine real-time threat assessment with enforcement challenges. This removes the incentive for fraudsters and deters them for good, all the while allowing seamless user experience for true users.
Recommended Blog: Top Four 2020 Fraud Trends: COVID-19 Insights
About the Q3 2020 Arkose Labs Fraud and Abuse Report
The Q3 2020 Arkose Labs Fraud and Abuse Report is based on an in-depth analysis of attack patterns uncovered from actual user sessions spanning account registrations, logins, and payments from financial services, ecommerce, travel, social media, gaming, and entertainment. It provides businesses with actionable insights to help them adapt quickly to the ever-changing threats.
The Arkose Labs Fraud and Abuse Prevention Platform analyzed the attack patterns between April and June 2020. The report focuses on attacks from fraud outlets that combine state-of-the-art technology with stolen identity credentials and human efforts.
To read more insights on industry-specific fraud in Q2 2020, please download your copy of the Q3 2020 Arkose Labs Fraud and Abuse Report.