1 in 5 cloud-based online user accounts may be fake

DataVisor, a leading fraud detection platform, recently announced in its quarterly fraud index report that more than one in five user accounts set up through cloud service providers may be fraudulent.

The Q2 2018 DataVisor Fraud Index Report is a quarterly assessment of types and methods of online fraud in social platforms and financial services. The current report uses information gathered by DataVisor between April and June of 2018, analyzing 1.1 billion active user accounts; 1.5 million email domains; 231,000 device types; and 562 cloud hosting providers and data centers, among other indicators.

DataVisor found 21.57 per cent percent of accounts originating from cloud service IP ranges appear to be fraudulent. Malicious accounts are eight times more likely to originate via cloud services than normal users. In fact, some cloud services and data centers can have more than 75 per cent fraudulent accounts, the study found.

The United States and China host the highest number of fraud attacks. More than 21 per cent of fake accounts targeting
online and financial services originated from the US, and 17 per cent originated from China. In attacks targeting North American online services, more than 45 per cent of the attacks originated in the US.

Interestingly, crime rings leverage different cloud service providers depending on the attack. Fraudsters targeting social platforms largely use Amazon Web Services; DigitalOcean appears to be preferred by fraudsters targeting mobile apps and financial services.

Coordinated attacks – a group of fraudulent accounts controlled by the same attacker – represent the majority of fraudulent activity in both social platforms and financial services, the report found.

More than 90 per cent of fake account registration in social platforms involves coordinated attacks; in the financial sector more than 40 per cent of application fraud comes from coordinated attacks.

While most fraudulent attacks occur less than a day after accounts are established, some “sleeper cell” accounts can lie in
wait for months or years before being used. On average, fraudulent accounts incubate for 35 days before attacking.

“This quarter’s DataVisor Fraud Index Report demonstrates that the increased adoption of the cloud has unintended consequences for the financial well-being of online businesses,” said Yinglian Xie, CEO and co-founder of DataVisor. “DataVisor is committed to educating businesses on trends in online fraud by providing regular quarterly reports on existing and emerging vectors of attack.

“This continuing series of reports draws insights from the DataVisor Unsupervised Machine Learning Engine and our Global Intelligence Network. With this approach, DataVisor is able to look across all events and users, and correlate groups of malicious users,” Xie explained. “We can accurately identify not only known attacks, but newer attack types that might go undetected.”

A full copy of the Q2 2018 DataVisor Fraud Index Report – as well as reports from previous quarters – are available online
on the special reports section of the website.