Arkose Labs Unveils Groundbreaking Threat Actor Behavior Analysis

Scammers earn six-figure annual salaries as sign-up attacks spike 309%; new analysis exposes the motivation and energy fueling trillion-dollar cyber-fraud economy

Arkose Labs, the leading global account security company, today announced the release of its new report, A Data-Driven Analysis of Threat Actor Behavior, which unveils exclusive insights from a year of scammer behavior data into how they operate in today’s digital ecosystem. The analysis reveals the psychology, motivations and tactics driving digital fraud and provides actionable intelligence for combating today’s sophisticated adversaries.

This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20250602233862/en/

Arkose Labs’ report, A Data-Driven Analysis of Threat Actor Behavior, unveils exclusive insights from a year of bad actor behavior data.

Insights into the economics of scams are revealed, including:

• Earning Potential: A single bad actor can pocket an average of US$145,176, targeting just 5 gaming platforms with account takeover scams.
• ‘Tis the Season: Timeline analysis reveals that major attacks align with high-profile events like the Super Bowl and U.S. elections, resulting in a 48% spike in sign-up attacks in the third quarter of 2024.
• Scammers Hide in a Crowd: Sign-up attacks jumped 309% during the busy holiday shopping season in the fourth quarter of 2024.

Arkose Labs’ analysis is shared at a critical juncture as threat actors have industrialized fraud, using AI-powered tools and systematic testing to turn attacks into profitable enterprises that can generate six-figure salaries per scammer.

“The numbers are shocking. Threat actors are making major money attacking enterprises,” said Arkose Labs Chief Operating Officer Frank Teruel. “This next generation of scammers is highly organized, supported by global crime-as-a-service platforms and rapidly adopting enabling technologies, like agentic AI. Our year-long analysis shows they time their scams around major events, emulate legitimate shoppers during the holidays and turn phishing into scalable business models...and that’s just the start. While we're debating constraints around technology adoption, they're on a tear expanding their reach. It's time for cybersecurity, anti-fraud and risk leaders to soften the constraints on tech adoption and data sharing and start disrupting bad actors’ profit margins because if we’re not making fraud unprofitable, we’re making it inevitable.”

The analysis reveals where attacks originate, the industries targeted and the techniques used:

• The top countries of origin of attacks: United States, Vietnam, Great Britain, Germany and Thailand. Other nations visible in the research include El Salvador, where threat actors make 20x more targeting gaming companies compared to those working as software developers.
• A list of five of the most targeted industries: technology, social media, gaming, retail and fintech.
• The top three attack points used: account sign-up, sign-in and account management, with details on the sophisticated techniques and mechanisms employed by threat actors.

While the analysis looks at every aspect of bad behavior, the report also chronicles the successes that enterprises are having in stopping scams cold and ensuring legitimate consumers have seamless digital experiences living, working and enjoying the internet. Case studies detail the measures taken to reduce the impact of threat actors by taking away their main incentive—profit—by raising the cost to attack big companies.

Arkose Labs’ analysis is a call to action for global enterprises, security professionals and individuals alike to heighten vigilance against fraud. By shining a light on the complex scam ecosystem, Arkose Labs reinforces its mission to enable a safer digital experience for all.

For more details on the company, visit Arkose Labs and follow the company on LinkedIn for fresh threat insights and breaking news.

For access to the full report, please visit this page.

About Arkose Labs

Arkose Labs is a leading global account security provider offering a comprehensive platform that combines proprietary device identification, phishing protection, email intelligence, scraping prevention, API security and bot management. The world's leading consumer brands—including two of the top three banks, Microsoft, Expedia and Roblox—rely on the company’s unified platform to reduce customer friction while preventing account takeovers, fake account sign-ups and SMS toll fraud. Its Security Operations Center (SOC) provides actionable insights from an extensive cross-industry intelligence network, which monitors legitimate traffic and attack patterns across global enterprises. With unparalleled proactive support for internal security teams, Arkose Labs goes beyond conventional security by actively partnering with customers to sabotage attacker profitability and disrupt threat actor groups like Storm-1152. Headquartered in San Mateo, California, the company maintains a global presence with offices throughout APAC, Central America, EMEA and South America.

View source version on businesswire.com: https://www.businesswire.com/news/home/20250602233862/en/

"Our year-long analysis shows they time their scams around major events, emulate legitimate shoppers during the holidays and turn phishing into scalable business models...and that’s just the start," said Arkose Labs Chief Operating Officer Frank Teruel.