The leading mobile device platform is not the preferred choice of digital fraudsters.
According to the DataVisor Digital Fraud Trends Report 2021, 85% of total mobile users have an Android device. Yet Windows devices, only owned by 11% of total mobile users, represent more than 50% of fraudulent users.
Since May 2020, DataVisor has seen an increase in fraudulent accounts using less common mobile platforms, such as Blackberry, Linux, and Chrome. However, the fraud rate for mobile platforms is only 0.5%, compared to 7.4% for desktop platforms. Desktop platforms also show a higher percentage of fraudulent user accounts (34%) than mobile platforms (26%).
Examining fraud rates of transactions performed via e-commerce and social platforms between March and October 2020, DataVisor found a spike in e-commerce fraud rate occurred between April and June 2020. According to DataVisor, this increase is congruent with a general COVID-19-driven shift toward e-commerce in that timeframe and represents fraudsters taking advantage of more opportunities to commit e-commerce fraud.
Meanwhile, social platforms maintained a generally high increase in fraud rate throughout the seven-month period, representing what DataVisor says is the importance and vulnerability of social media as a communication channel.
DataVisor also determined that 100% of fraudulent accounts use automation at some point in their lifecycles, making it harder to distinguish between humans and bots. At account registration time on social, e-commerce and marketplace sites, 55% to 90% of fraudulent accounts use scripted names, nicknames, or email addresses. At least 30% of fraudulent accounts originated from IP ranges associated with data centers, VPNs, or proxies on platforms that experience massive coordinated attacks.
Across all platforms, DataVisor observes that 40% of fraudulent accounts exhibit “spiky” behavior with sudden rapid succession of activities (a sign of scripted behavior). Two percent of fake accounts have been confirmed to solve CAPTCHA security tests that present automated challenge-response tests, and CAPTCHAs have a reported false positive rate of 8%, which rises to 29% if the test is case-sensitive.
Other interesting findings include:
• Online retailers can capture 4-6% of fraud attempts by examining the category and reputation of digital entities.
• Up to 40% of scammers on marketplace platforms reuse phone numbers or addresses in their fraud attempts.
• 22x more fraud attempts made by device manipulation use rooted (enhanced user privileges) or jailbroken (user restrictions removed) devices than with devices without one or both of these modifications.
DataVisor analyzed 128 billion events and more than 2 billion users.