Arkose Labs

In Q3 2025, fake account creation accounted for 46% of all fraudulent activity.

In Q3 2025, SMS toll fraud attacks targeting the gaming sector increased by 125%.

In Q3 2025, SMS toll fraud targeting the fintech sector grew by 97%, alongside a major spike in human fraud farm activity.

SMS toll fraud now comprises 78% of all attacks on the gig economy, up from 48% a year prior.

In Q3 2025, SMS toll fraud malicious traffic surged by 67% over Q2 2025, making it the fastest-growing attack type of the quarter.

In Q3 2025, the gig economy experienced 51% fewer attacks but 49% more malicious traffic, resulting in a 300% increase in average attack size.

80% of enterprises reported an improved cybersecurity posture as a result of AI adoption.

44% of companies feel very well prepared for AI-powered volumetric attacks, marking a sharp increase from 2024.

98% of enterprises feel confident in their ability to distinguish between human and AI agents.

Over half of enterprises are already using Agentic AI.

Enterprises are dedicating one-third of their cybersecurity budgets to AI.

70% of enterprises warn that Agentic AI will create fundamentally new security risks.

71% of enterprises state it is critical to urgently develop the capability to distinguish between human and AI agents.

Excluding U.S. traffic, the highest concentrations of fraud hubs are found in Brazil (over 11%), Great Britain (nearly 10%), Vietnam (over 6%), and Nigeria (9%).

Overnight fraud surges were observed in Vietnam (38%), Mexico (38%), and India (36%).

Malicious traffic surged nearly 20% from Q1 to Q2 2025.

The Roblox browser accounted for 18% of gaming attacks, indicating a platform-specific vulnerability

Sign-up fraud traffic in the Fintech sector escalated to 17 times the industry average.

Great Britain was responsible for 44% of attacks specifically targeting the Fintech sector.

Despite growth in mobile threats, desktop remains the favoured channel, accounting for 68% of attack traffic.

Three-quarters (75%) of scams now target critical workflows such as account creation and sign-in processes.

Dating platforms experienced a 61% surge in mobile attacks.

Desktop-based threats targeting dating platforms declined by 16%.

Attack automation services targeting gaming increased from 15% to 25% of all gaming-related attacks.

Evening fraud attack peaks were observed in Pakistan (65%) and The Philippines (43%).

The overall device distribution for dating platforms flipped from 55% desktop prevalence to just 39% desktop prevalence.

Average attack size grew by over 12% from Q1 to Q2 2025, demonstrating that attacks are becoming larger and more aggressive in scale.

The use of attack automation services increased from 31% to 36% of all attacks from Q1 to Q2 2025.

A single bad actor targeting just 5 gaming platforms with account takeover scams can pocket an average of US$145,176.

The top countries of origin of attacks are the United States, Vietnam, Great Britain, Germany, and Thailand.

A 48% spike in sign-up attacks occurred in the third quarter of 2024, aligning with major events like the Super Bowl and U.S. elections.

In El Salvador, threat actors make 20x more targeting gaming companies compared to those working as software developers.

The top three attack points used are account sign-up, sign-in, and account management

Five of the most targeted industries are technology, social media, gaming, retail, and fintech.

During the busy holiday shopping season in the fourth quarter of 2024, sign-up attacks jumped 309%.