DataVisor Fraud Index Report Q1 2018

Today, we released our first ever DataVisor Fraud Index Report for Q1 2018. As attack patterns and fraud techniques evolve, it is increasingly important for the community to have access to constant updates on the threats impacting their business. Going forward, we plan to release an index report on a quarterly basis in order to provide timely insights into the activities of fraudsters and malicious users across the globe.


The DataVisor report provides the latest insights into trends in global fraud activity and attack techniques. Last quarter, we uncovered a total of 900 million malicious activities and transactions. The report reveals dramatic growth in fraud infrastructure, with fraudulent accounts growing by 50% from Q4 2017 to Q1 2018.

North America Emerges as a Leading Source of Financial Crime

The number of fraudulent accounts originating from the U.S. doubled since the previous quarter. The U.S. hosts more than 23 percent of fake accounts targeting online and financial services in North America and Europe, dwarfing countries in Southeast Asia and Eastern Europe that have historically been hotspots for fraud.

Bad Actors Continue to Migrate to the Cloud

Fraudsters are taking advantage of cloud service infrastructure such as virtual servers and anonymous proxies. The cloud allows fraudsters to easily orchestrate attacks at scale and hide behind legitimate networks in order to remain anonymous and avoid IP blacklists. 27% of accounts associated with cloud service provider IP ranges appear to be fraudulent, with some cloud services and data centers having more than 90 percent fraudulent activity.

Fraudsters Step up Device Spoofing to Evade Detection

Fraudsters are getting better at mimicking legitimate user activities, including using device platforms popular among real users. 28% of fraudulent accounts originated from Mac OS X devices this quarter, representing a 4-fold increase over last quarter. As Mac OS is associated with fewer fraud activities in the past, fraudsters are likely spoofing their user agent strings to avoid detection.


“Our research shows that fraudsters are not only scaling up their attacks, but also becoming more sophisticated,” said Ting-Fang Yen, Director of Research at DataVisor. “Fraudsters are evolving quickly and using the latest technologies to evade detection – an example is the widespread practice of device and OS spoofing. Solutions that automatically adapt to ever-changing attacks will be critical for businesses looking to protect themselves against fraud and abuse.”

The DataVisor Fraud Index Report for Q1 2018 is based on attacks detected by the DataVisor UML Engine between January and March of 2018 from analyzing 40 billion application-level events and 680 million user accounts across some of the largest internet properties and financial services in the world.

Download the full report here >>