Your Quarterly Fraud Analysis: Emerging Attack Trends to Watch For
Fraud teams are well aware of the seasonality of fraud attacks: the Mother’s Day spikes, the January blitzes, the summer slumps. But being aware doesn’t equal being prepared; many of the fraud leaders I talk to examine these patterns only in retrospect. This makes sense, as traditional fraud tools only provide that data in hindsight: once fraud outcomes are confirmed, you can ask “how bad was it?” and move forward with repairs.
But this approach doesn’t work against today’s sophisticated fraud. It’s like driving on a pothole-riddled road and, instead of swerving, just gripping the wheel tighter over every jolt. You can glance in the rearview mirror to see how big the crater was only after it rattled your car. A better approach would be, of course, to watch the road ahead and react in real time to every upcoming obstacle with the appropriate response (small divot? Just drive a bit slower. Huge sinkhole? Maybe try a new route!).
Forward-facing, real-time fraud navigation can’t be built using the traditional rearview tools that you’ve been forced to rely upon. So, we set out to build a new road for you, based on our real-time predictive data. The result is our Fraudster’s Almanac: Your Guide to Preparing for Seasonal Fraud Attack Patterns report.
That report analyzes fraud patterns and fluctuations as compared to a baseline dataset from every month of 2023, and suggests ways to prepare for emerging fraud styles without adding new friction. Now, a few months into 2024, we’ve got a whole new dataset to analyze against the trends we saw from last year’s data. And the results are surprising.
What Fraud Trends Dominated Q1 2024?
At NeuroID, our unique behavior data enables us to track fraud patterns in real time, at the crowd level, with insights into the likely causes and best ways to defend against every attack. This helps our clients use fraudsters’ predictability to their own advantage. Here’s what we’re seeing so far, three months into 2024:
- Fraud Attacks are Less Frequent: There’s been a 50% reduction in the number of fraud attack attempts in January 2024, as compared to January 2023. This trend continues into February and March, with a 54% reduction in February 2024 attacks from 2023, and a 64% reduction in March attacks from 2023.
- Fraud Attacks are More Aggressive: Despite the fewer attack events, the average number of risky users associated with each attack in January 2024 increased by 47% over January 2023, almost doubling the impact of each individual attack. February was even more striking, with a 95% increase in attackers per attack. This tells us that while attacks are fewer, they are more aggressive due to that higher number of risky users per instance, which doesn’t level off until March. Said another way, fraudsters are attacking fewer organizations but doubling down on those they choose.
- Attack Strategies are Shifting: Despite the decrease in the overall number of attacks, we noticed a sizable increase in the sophistication of these attempts in February and March, and a decrease in sophistication in January ’24, when attacks were led predominantly by brute force strategies. The data also indicated a shift in the length of attacks as the year progressed: January’s longest attack lasted almost a week in both ’23 and ’24, but February and March’s longest attacks lasted only 2 days, more than twice as short as the year prior’s average.
That’s what the data is showing us. But what does it all mean?
Fraud Trends in 2024: Commentary and Hypotheses
The decrease in the quantity of fraud attacks could be attributed to several factors. One hypothesis is that this is just a bias of our client set: the implementation of real-time decisioning and advanced fraud detection by our clients has simply made them less lucrative targets. As we’ve seen, fraudsters probe targets before striking; if they are testing perimeters and finding fewer gaps to exploit, they are less likely to formulate a large-scale attempt, leading to this overall reduction in attack volume. This year, we also have more clients using real-time decisioning than in 2023, so we’re not surprised to see the fraud attack duration shrinking across the months as fraudsters are getting stopped in real time and taking their “business” elsewhere.
But while the attacks are fewer, they are more aggressive, as indicated by that higher number of risky users per instance. This could be a sign of more brute force attacks, which are defined by a style that is focused and overwhelming. In a brute force attack, for example, a fraud ring might use an automated process of password guessing (cycling through breached credentials or entering well-known passwords) hundreds or thousands of times to gain access to an account. They aren’t giving up after one attempt; they’re doing this at scale across a target, and they’re dedicated to breaking through.
The rise in attack aggression, combined with fewer attacks, paints a picture of a fraudster mentality of “go big or go home.” If we follow the hypothesis that the less sophisticated fraudsters are giving up earlier, due to seeing no exploitable gaps and little ROI (remember, these are fraudsters who run a business like you—they’ve got to consider effort balanced by outcome), it only leaves the more sophisticated attacks and the brute force attacks that aren’t going to give up no matter what. The combination of fewer attacks and more attackers also suggests that fraudsters are concentrating their efforts on a smaller number of targets with a more intense focus. This could be due to the adoption of hyper-advanced techniques, such as generative AI, enabling them to be more vicious with minimal effort. It could also mean we’re going to see a higher influx of in-and-out fraudsters in 2024.
Implications for the Rest of 2024
We’re going to continue to keep an eye on trends for this year, how they’re shifting month to month, and how they compare to last year. As we all know, 2023 and 2024 have included some of the biggest technology shifts in the modern history of fraud, between genAI picking up speed and new innovations like FedNow shaking up traditional fraud prevention. We know these are going to shift both methodologies and response systems, and we expect the unexpected.
What we like to see is that across the board, NeuroID clients are being hit by fraud less than at the same time last year. Our clients who had the biggest attacks in 2023 are significantly down in attacks for 2024: for example, one client had 102 hours of fraud attacks in January 2023, but only 4 hours in January 2024. Love this for them, and love it for us. Check in with us in June to see if this trend continues—or better yet, talk to one of our fraud experts to see if we can get your numbers down, as well.