Account Fraud Harder to Detect as Criminals Move from Bots to 'Sweat Shops'

Account Fraud Harder to Detect as Criminals Move from Bots to 'Sweat Shops'
Cheap labor, frequent data breaches, and better fraud detection technology are fueling frustrating changes in attackers' methods.

Fraud has changed. As tools to detect and mitigate bot-generated attacks have evolved and improved, criminals are employing cheap human labor to steal account credentials and money. And the economies of several developing nations is making that possible.



"It's cost economics," says Kevin Gosschalk, CEO of Arkose Labs. "Creating fake accounts for referral fraud used to be more cost-effective. But now we have so many more data breaches happening," which means that the cyber black market is flooded with legitimate account credentials available to criminals at affordable prices. "Five years ago that was not a thing."


This means criminals are now employing an almost "sweat shop" style of labor, says Gosschalk, hiring workers in locations like Venezuela, where the hourly wage is so low that it now makes economic sense to pay people to manually carry out fraud with stolen account data, instead of using bots, he says. 


"[Attackers are] giving people a script and saying 'here's [the] quota you have to hit,'" says Gosschalk. "Criminals are always trying to figure out what is [the] lowest-hanging fruit. As merchants and companies evolve with defenses, these attackers evolve. Humans just happen to have become the flavor of month."


Now "human-driven" attacks are increasing quickly. Arkose's most recent fraud report, covering Q3 2019, found that attacks carried out directly by humans—both lone perpetrators and organized groups—increased 33 percent over the previous quarter. Nearly one in every five fraud attacks were were manual rather than automated.


"The goal ..

Support the originator by clicking the read the rest link below.