5 Key Takeaways from the New “State of Sophistication in Fraud” Report
DataVisor’s new Q1 2020 Digital Fraud Trends Report provides expert insights from industry leaders, and actionable strategies for how to detect, decode, and defeat sophisticated digital threat attacks.
With every research report we deliver, we delve further into the complexities of modern digital fraud. For our new annual report, sophistication itself is our topic.
As our research team worked through a year’s worth of proprietary data to create our exclusive new “State of Sophistication in Fraud” report, it was abundantly clear that the ever-increasing sophistication of modern digital fraud is truly one of the defining topics of the digital economy’s new decade. What was also clear, is how critical it is that enterprises today understand what sophistication really means, and, more importantly, what’s required to detect, defeat, and prevent sophisticated, modern threat attacks.
DataVisor’s co-founders, Drs. Yinglian Xie and Fang Yu, speak to these realities in the Executive Insight that leads off the new report:
“The range of tools, techniques, and technologies fraudsters have at their disposal, the scale at which bots and automation enable them to operate, and the volumes of stolen and leaked data available to them on any given day, all combine to create a situation in which fraudsters have almost limitless power and possibilities. Add to this all the ongoing new vulnerabilities being exposed through rapid innovation in large sectors such as financial services, healthcare, and insurance, and you have a fraud landscape that is almost indescribably complex.”
While this may seem to paint a dire picture, Yinglian and Fang make clear that “knowledge is power,” and they go on to detail what the report offers in the way of actionable insights:
“Over the course of analyzing and digesting this report, you will come to understand what a sophisticated attack looks like, and how sophisticated attacks are built and launched. You will learn the tools and techniques fraudsters use to mount these attacks, and how to identify the signals given off in the process. You will explore what’s required to expose and block even the most sophisticated of fraud attacks, and discover how technologies like unsupervised machine learning empower your organization to do so in real time, at scale.”
Below please find some of the key takeaways from our new report!
5 Takeaways from “The State of Sophistication in Fraud”
1. High Sophistication Fraud Attacks Are More Stealthy
Stealth is a signature hallmark of high-sophistication fraud attacks. These types of attacks are more deliberately obscured, obfuscated, and disguised, and the fraudsters behind them are more subtle in their actions and efforts. They employ multiple tools to help ensure that the fraudulent accounts they control can more successfully blend in with legitimate users.
2. A Majority Of Fraudulent And Malicious Accounts Are Used In Attacks Very Soon After Registration
Between 42%-87% of coordinated fraudulent accounts attack within one hour of registration, and 81%-92% attack within twenty-four hours. This reality poses serious challenges for detection solutions, and serves to make clear that early detection capabilities are an absolute necessity. That said, it’s essential that businesses are also addressing incubation threats. As but one example, our research indicates that, on financial platforms, more than 10% of fraudulent accounts will incubate for more than 30 days before being put to use in an attack.
3. Some Form Of Bots Are Used In Virtually All Fraud Attacks
Our research shows that “location-hopping bots,” which originate from IP addresses located in multiple countries or territories, make up 18% of fraud attacks. We also note that “spiky” or “bursty” bots (ones that perform many actions within a short time frame before going dormant) are much more common than “naive” bots that exhibit strictly periodic activities — we observe their usage in 22% of fraud attacks.
4. 15% of attacks are fast-growing; doubling their size or more overnight
Fraud attacks grow over time by gaining new fraudulent accounts, either from registering fake accounts, or compromising existing accounts. Approximately 52% of fraud attacks are “static”; meaning, they do not gain more fraudulent users over time, but acquire them in one shot. Roughly one-third of attacks grow at a relatively slow pace — under 50% of their original size. 15% of attacks are classifiable as “fast-growing”; meaning, they double their size or more overnight.
5. Fraud Signals Have Short Shelf Lives
Fraud signals — those characteristics that are shared by the majority of fraudulent accounts in an attack — may be IP addresses, device types, user-agent strings, nicknames, or common pieces of content. By spotting and identifying these signals, we are able to close in on a specific fraud ring, which is how we ultimately neutralize attacks. However, fraud signals don’t remain relevant for long. For example, the median lifetime of IP fraud signals across all attacks is four days. This means that a fraud attack will only utilize the same IP address for four days, after which they move on to a new address. Over the course of 2019, we observed 104K unique IP fraud signals across 1.57 million fraud attacks.
Conclusion
If there is a summarizing point we can make, it’s this: Digital threat attacks today are highly sophisticated. The scale is massive, the speed unprecedented, and the potential damage incalculable. There is only one way to address this stark reality — you need to take early, proactive action. Real-time detection and response capabilities that protect your business, your customers, and your data, are not a luxury. They’re mandatory for business survival.
In “The State of Sophistication in Fraud” we feature expert insights from industry leaders, and draw on exclusive data and research to provide actionable strategies for detecting and defeating even the most sophisticated threat attacks. Please download the report today. This is mission-critical knowledge.
