An expert cyber crook can earn up to £6million a year, more than three times the average 2020 salary of a FTSE 100 chief executive, and even rookies are taking advantage, earning around £15,000 per month, according to statistics on the state of Internet account fraud and security, compiled by Arkose Labs.
The company said if it were a country, the global fraud industry would be the world’s third-largest economy, just behind the United States and China.
Chief Criminal Officer of Arkose Brett Johnson – the former ‘Internet Godfather’ who was a key player in the operation of cybercrime collective ShadowCrew – said it’s no surprise how or why the cybercrime underground economy has become so prominent.
“The temptation to commit online fraud is greater than ever, simply because the results are fetching thousands, if not millions of pounds, even for the newest and most junior cybercriminals in the chain,” Johnson said.
“Online criminals have a list of opportunities at their disposal – from refund fraud to account takeover,” he said. “They can almost choose the type of fraud they want to commit.
“In particular, marketplace and messaging platforms have become very popular in the fraud community, where cybercriminals can promote their own personal fraud business, recommend attack tools and techniques, and offer step-by-step guides. step-by-step free for the beginner scammer.”
Arkose’s report reveals there has been a tenfold increase in the number of people choosing the life of a career fraudster since 2019, the introduction of furlough policies and the growth of unemployment during the Covid-pandemic. 19 being the probable cause.
This echoes a report produced by Check Point, which found that desperate job seekers were turning to underground dark web hacking forums to seek work, tempted by the promise of quick cash payments.
“Unfortunately, many people have fallen on hard times, and many have been unable to find jobs,” Sean Wright, application security manager at Immersive Labs, told Computer Weekly at the time. “While this is not an excuse, it is understandable that some turn to cybercrime to make money in order to survive.
“Given some of the lenient sentences handed down for cybercrime, this makes it one of the lower risk crimes to commit, and sometimes has a proper payout as well,” he says. “There is also the disconnect with the victim, which makes it easier, on a personal level, to commit the crime for some. Some may even consider it victimless, when in reality it is not.
Arkose’s report found that up to 35% of total traffic to the most attacked companies’ websites was fraudulent and estimated that in the UK alone, 28% of all online transactions are now either fraudulent , or cyberattacks.
The sectors most frequently victimized are gaming, social and digital media, streaming services, technology, travel, retail and financial services, three of these sectors – gaming, financial services and technology – registering 88% of all attacks.
Arkose also highlighted other concerning trends – including a large spike in bot attacks in the first three months of 2022, which was consistently above average across 2021 as a whole, driven by scraping and credential stuffing on an unprecedented scale – up to 4% of all online logins are now credential stuffing attempts.
He also warned that many companies are wading through the metaverse without paying enough attention to cybersecurity – with master fraudsters quickly taking advantage of companies running new and untested strategies. Attacks on businesses operating in this space have increased by 40% in the last three months of 2021, and cybercriminals are investing heavily in escalating metaverse attacks.