Light Dark
May 7, 2018 By Shane Schick 2 min read

According to the latest cybercrime statistics, more than 210 million attempted fraud attacks occurred during the first quarter of this year, representing a 62 percent increase from 2017.

In its “Q1 2018 Cybercrime Report,” ThreatMetrix reported a record volume of 1 billion bot attacks, 100 million of which came from mobile device users. These campaigns primarily targeted e-commerce merchants. In fact, the report suggested that e-commerce transactions are 10 times riskier than those in a more traditional financial services setting.

Cybercrime Statistics Indicate Increasing Sophistication of Fraud Attacks

The rising use of bots may reflect the increasing sophistication of attacks involving fraudulent online payments and the creation of phony new accounts, according to ThreatMetrix. For example, there were 150 million rejected transactions over the course the quarter, representing an 88 percent increase over the same period a year ago. Bots are being used to launch account validation attacks, test passwords on good user accounts and more.

The report noted that cybercriminals are also evolving in terms of the frequency, complexity and duration of attacks. In some cases, high-volume attacks are being conducted over sustained periods of days or even weeks, as opposed to the shorter, more isolated incidents that have been detected in the past.

The authors admitted, however, that there are still unanswered questions about attack volumes since some victims may be slow to discover, contain and report breaches.

E-Commerce Fraud: A Global Threat

It’s no wonder that cybercriminals are focusing on e-commerce, the study noted, given that merchants are trying to strike the right balance between providing a streamlined user experience and protecting customers’ information. The report revealed that payment attacks represented only 3.6 percent of incidents. Incidents occurring during the login and account creation stages, meanwhile, accounted for 13.5 and 32.8 percent of attacks, respectively.

While the U.S., U.K. and other large European countries have traditionally been the top regions in terms of attack origins, ThreatMetrix reported an increase in activity from smaller growth economies, such as Russia and Vietnam. In other words, as the world becomes more digital, the work of cybercriminals and bots is becoming equally global in scope.

 |  |  |  |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

February 14, 2025

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature