Arkose Labs has released a new data-driven report detailing how modern threat actors are exploiting global events, emerging technologies and seasonal patterns to profit from digital fraud at an unprecedented scale.
The report, A Data-Driven Analysis of Threat Actor Behavior, draws on a year’s worth of scammer activity and provides rare insight into the psychology and tactics of fraudsters operating in today’s digital landscape.
The research reveals that a single fraudster can earn up to $145,176 by targeting just five gaming platforms using account takeover scams. The report also uncovers a 309% spike in sign-up attacks during the peak of the holiday shopping season in Q4 2024, with an earlier 48% surge recorded in Q3 during major global events such as the Super Bowl and U.S. elections. These patterns suggest that scammers are deliberately aligning attacks with high-traffic periods to maximise impact and evade detection.
Arkose Labs highlights the increasing sophistication of these threat actors, many of whom operate with support from “crime-as-a-service” platforms and leverage emerging tools like agentic AI to automate and scale their scams. The firm warns that these fraudsters are no longer isolated individuals but part of industrialised, organised operations with structured business models.
Arkose Labs chief operating officer Frank Teruel said, “The numbers are shocking. Threat actors are making major money attacking enterprises. This next generation of scammers is highly organized, supported by global crime-as-a-service platforms and rapidly adopting enabling technologies, like agentic AI. Our year-long analysis shows they time their scams around major events, emulate legitimate shoppers during the holidays and turn phishing into scalable business models…and that’s just the start.
“While we’re debating constraints around technology adoption, they’re on a tear expanding their reach. It’s time for cybersecurity, anti-fraud and risk leaders to soften the constraints on tech adoption and data sharing and start disrupting bad actors’ profit margins because if we’re not making fraud unprofitable, we’re making it inevitable.”
The report identifies the top countries of origin for attacks as the United States, Vietnam, Great Britain, Germany and Thailand. In a striking example, attackers in El Salvador were found to earn 20 times more from targeting gaming companies than from working as software developers.
The most affected industries include technology, social media, gaming, retail and FinTech. Attack methods are increasingly focused on key access points such as account sign-ups, sign-ins and account management systems. Arkose Labs outlines how attackers blend into legitimate user traffic, emulating real consumer behaviour to avoid detection.
Despite these challenges, the report also includes case studies showing how some enterprises are effectively disrupting fraud by increasing the cost of attacks and removing profitability. These efforts not only deter fraudsters but also help maintain seamless digital experiences for genuine users.
Arkose Labs’ findings underscore the urgent need for enhanced collaboration between cybersecurity professionals, risk teams and digital businesses. By sharing data and adopting cutting-edge tools, organisations can begin to tip the scales against organised digital fraud.
Read the full RegTech Analyst post here.
Keep up with all the latest FinTech news here
Copyright © 2025 FinTech Global
