Fintech companies experienced 2.5 times more online attacks in Q1 of this year than the two years prior, according to a new report from Arkose Labs.
Seventy-five per cent of attacks against fintechs were account takeover (ATO) attempts, while 96 per cent were driven by bots, revealed the Arkose Labs 2022 Q2 State of Fraud and Account Security report.
The first quarter of 2022 has seen ‘consistently higher’ bot-oriented attacks than the average across 2021, driven by large-scale scraping and credential stuffing attempts. Bot attack signatures are also three times more complicated today than in years prior, creating greater detection complexity for businesses.
Ninety per cent of human attacks in 2022 have targeted communication channels in gaming, dating and tech. Top targeted companies can see up to 35 per cent of traffic coming from human fraudsters.
The financial services, technology and gaming industries represent 88 per cent of all attacks versus all other industries combined.
Cybercrime as a career
Since the pandemic, the cybercrime workforce has exploded, according to the report, elevating cybercriminal earnings to exponential levels. Fraudsters are increasingly moving into online crime, with the introduction of furlough policies and rise in unemployment during the pandemic.
Newbie fraudsters are taking home approximately £15,000 a month. While some of the highest earning fraudsters known to be making around £6million a year. This compares to almost three times the amount that FTSE 100 chief executives were paid in 2020.
Brett Johnson, chief criminal officer at Arkose Labs is a reformed cybercriminal who served seven years in jail) says: “The temptation for committing online fraud is higher than ever simply because the results yield thousands, if not millions of pounds, for even the newest and most junior cybercriminals in the chain.”
”Online criminals have a shopping list of opportunities available to them – everything from refund fraud to account takeover. They can almost pick and choose which type of fraud they want to commit. In particular, marketplace and messaging platforms have become vastly popularised in the fraud community where cybercriminals can promote their own personal fraud business, recommend attack tools and techniques, and offer free step-by-step guides for the rookie fraudster.”
Metaverse naiviety
According to the report, too many businesses are wading into the metaverse without considering cybercrime implications. Attacks on metaverse companies increased 40 per cent since Q4 2021.
Unlike automated bot attacks, fraudsters are putting greater investment into metaverse attacks, requiring more human capital to execute phishing, spam and scams effectively.
Gaming companies have experienced 260 per cent more attacks. This is including a 85 per cent increase in fake account registrations, compared to Q4 2021. While technology companies were most impacted by fake accounts, attempting to monetise promotions and free trials.
Finally, the latest Arkose data found that one in every three cyberattacks is now coming from Europe. The UK alone saw 52.1 million attacks to online business in the first quarter of 2022.
