As the popularity of online shopping continues under the ongoing COVID-19 pandemic, researchers observed a surge in credential stuffing, account takeover (ATO) attacks, and gift card fraud.
Credential-stuffing attacks more than doubled in Q4 of 2020 compared to Q3 and increased by nearly 90% compared to Q1.
“2021 remains full of unknowns, however what’s certain is the frequency and severity of fraud will never return to pre-pandemic levels,” predicted Vanita Pandey, VP of Marketing and Strategy at Arkose Labs.
“With digital channels serving as an invaluable lifeline for much of the world, the Arkose Labs network saw 4 times as many transactions compared to the year prior. This increased activity has created an ideal breeding ground for attacks as fraudsters work to blend in with trusted users, rendering typical models of good versus bad user behavior obsolete.”
While a sustained increase in fraud in the ecommerce industry between Black Friday and the end of the year is a normal part of cybercrime’s ebb and flow, researchers noted something different about 2020.
“Last year, this sustained increase in fraud occurred across all industries, even those not typically associated with Black Friday, such as social media, online dating and financial services,” wrote researchers.
“This could be attributed to fraudsters leveraging social media or cloud-based communications platforms to spread disinformation about deals. It’s likely also a result of attackers targeting payment platforms or financial accounts and blending in with traffic due to increased consumer usage.”
In North America, fraud attacks, specifically those originating in the United States, surged in Q4 of 2020. Bots drove the region’s 24.2% attack rate, with just 3.5% of attacks being carried out by humans.
“Gaming was the top attacked industry, however social media and retail transactions also served as popular targets,” noted researchers.
Pandey warned more fraud was to come. She said: “As more consumers engage with digital commerce, companies will offer more promotions to remain competitive, which in turn will lead to fraudsters opening even more new accounts at scale in order to take advantage of these promotional efforts.”