In its 2019 Q3 Fraud and Abuse report, fraud prevention technology firm Arkose Labs outlined current trends in the online fraud and risk landscape. The report was based on over 1.2-billion user sessions (transactions) and attack patterns analyzed by the Arkose Labs Fraud and Abuse Prevention Platform from April 1 to June 30, 2019.
Evolving threats listed by Arkose Labs were payment fraud, denial of inventory, inventory scalping, gift card fraud, fake accounts, spam and malicious content, API abuse, account takeover, search and scraping, and brute force attacks.
Also mentioned as exacerbating factors were the global availability of stolen and breached user data as well as developing economies becoming hubs of fraud due to easy access to sophisticated tools, availability of manual labor, and large economic incentives associated with online fraud.
According to Arkose Labs, the Philippines is the single biggest originator of attacks across both automated and malicious human traffic with US a distant second. Rounding out the rest of the top five source of attacks were Russia, China, and Indonesia. Except for China, where attacks were primarily being human driven, automated attacks represented the bulk of traffic.
Various reports and conditions support the findings of Arkose Labs about the Philippines such as:
- The Philippines is a hyper-connected country with 79 million Internet users, an online demographic larger than the living populations of Canada, Australia, New Zealand, and Singapore combined. Global agency We Are Social also reported that Filipinos are the top Internet users globally with the most time spent online at an average of 10 hours and 2 minutes spent per day on the Internet.
- Awareness and preparedness on cybersecurity in the Philippines is very weak, with the Philippines being among the most prone to cybersecurity attacks.
- There is a high incidence of software piracy in the Philippines. According to a 2017 report by BSA and IDC, the Philippines had a 64% rate of unlicensed software installation, which is higher than the Asia Pacific regional average of 57%. Malicious actors often embed malware into cracked unlicensed software and infected PCs can be turned into botnet platforms used to launch automated attacks.
- The Philippines is home to an underground industry of spammers, click farms, and account farms.
- In 2015, Doug Clark reported how just a single operation in Lapu-lapu City, Cebu was generating thousands of social media phone-verified accounts (PVAs).
- Also in 2015, a Vocativ report showed how most of Donald Trump’s Facebook likes were coming from outside of the USA, and that most likes originated from the Philippines.
- In 2018, the New York Times reported on the large-scale operations of Devumi, a shady company which sold Twitter followers and retweets and had staff operating from the Philippines.
What then can be done?
- The Department of Information and Communications Technology (DICT) and Department of Education (DepEd) must pursue a more aggressive form of cybersecurity and cybersafety awareness in their Internet Media and Information Literacy (IMIL) campaigns, not just in schools as part of the curriculum and with the youth but also with the older population.
- Facebook and Google which have Philippine offices should strongly consider filing legal cases against click farms and account farms for computer-related fraud as these outfits get away with their operations in the Philippines with no aggrieved parties to file cases against them.
- The ordinary online Filipino must stop patronizing pirated software as the social and financial risk of malware infections can severely impact their lives, like with stolen passwords for e-banking, online transactions, and social media accounts.
Arkose Labs will have a webinar on their 2019 Q3 Fraud and Abuse report to break down and analyze their findings on Wednesday, September 25 at 1:00am Philippine Standard Time.
The author is an ICT advocate and a member of Democracy.Net.PH, an ICT rights, governance, development, and security advocacy group.