TL;DR: Arkose Labs’ 2024 threat forecast is headlined by a 121% increase in cyberattacks in Q2 over Q1 2023 and a warning that adversary-in-the-middle phishing, SMS toll fraud, and normalised cybercrime-as-a-service will intensify enterprise fraud and account takeover risk. The practical issue is not just more volume, but a more industrial attack model that outpaces awareness-only defences.
NHIMG editorial — based on content published by Arkose Labs: Foreseeing the Future Threatscape: 2024’s Bad Actor Forecast
By the numbers:
- With a 121% increase in total cyberattacks in Q2 over Q1 2023, attackers are moving faster and at greater scale.
- SMS toll fraud increased 141% in Q3 2023, underscoring how quickly abuse can become industrialised.
- […]ed to rise 20-fold in 2024, which would widen access to fraud tooling across criminal markets.
Questions worth separating out
Q: How should security teams reduce the risk of adversary-in-the-middle phishing?
A: Security teams should move high-risk accounts to phishing-resistant authentication, bind sessions more tightly to device or risk signals, and reduce reliance on reusable OTPs.
Q: Why does SMS toll fraud create IAM risk as well as financial risk?
A: SMS toll fraud turns an identity control channel into a monetisation channel.
Q: What do teams get wrong about cybercrime-as-a-service?
A: Teams often treat cybercrime-as-a-service as a backend market for advanced actors, but it is really an access multiplier.
Practitioner guidance
- Harden phishing-resistant authentication: Prioritise passkeys, FIDO2, or other phishing-resistant methods for high-value user journeys so reverse proxy attacks cannot reuse captured credentials and sessions.
- Map SMS dependence across critical journeys: Inventory where SMS still supports login, recovery, or verification flows, then rank those paths by abuse economics and business impact.
- Combine bot signals with identity telemetry: Correlate device, behavioural, and session signals with identity events so fraud teams can spot synthetic activity before it becomes account compromise.
What's in the full article
Arkose Labs' full webinar covers the operational detail this post intentionally leaves for the source:
- Executive discussion of the 2024 threat forecast and how the panel ranks the top three enterprise risks
- Real-world attack examples showing how adversary-in-the-middle phishing and SMS toll fraud play out in practice
- Practical guidance on detecting bot-driven fraud patterns and scaling defences against CaaS
- Speaker perspectives from Arkose Labs executives on how enterprises should think about the coming threat landscape
Evolved phishing, SMS toll fraud and CaaS: what teams should watch?
Explore further
Phishing has moved from credential capture to session interception. The key shift in adversary-in-the-middle attacks is that the attacker does not need to own the password long enough to reuse it later. They only need to sit in the middle long enough to steal a live session or verification artefact. That makes traditional awareness and static MFA programmes insufficient on their own. Practitioners should treat session integrity and phishing resistance as the real control objective.
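One way to treat session integrity as the control objective, and to apply the guidance on combining device and session signals with identity events, is to compare every use of a session with the context that completed authentication. The following is an added example, not code from Arkose Labs or the original post; the event schema, event names, weights, and threshold are assumptions.

```python
# Constructed sample telemetry (not real data):
# (epoch_s, event, session_id, user, device_id, asn)
EVENTS = [
    (1000, "login_mfa_ok", "s1", "alice", "dev-A", "AS100"),
    (1060, "request", "s1", "alice", "dev-A", "AS100"),
    (2000, "login_mfa_ok", "s2", "bob", "dev-B", "AS200"),
    (2030, "request", "s2", "bob", "dev-X", "AS900"),          # new device and network
    (2045, "recovery_change", "s2", "bob", "dev-X", "AS900"),  # sensitive follow-up
    (3000, "login_mfa_ok", "s3", "carol", "dev-C", "AS300"),
    (3500, "request", "s3", "carol", "dev-C", "AS301"),        # network change only
]

# Assumed weights; tune against your own false-positive data.
WEIGHTS = {
    "device_mismatch": 40,
    "network_mismatch": 15,
    "fast_reuse": 20,
    "sensitive_action_from_new_device": 35,
    "session_without_login": 50,
}
SENSITIVE = {"recovery_change", "mfa_enroll", "payout"}

def score_sessions(events, window_s=300):
    """Map session_id -> (score, sorted reasons), comparing every use of a
    session with the device and network that completed authentication."""
    origin, reasons = {}, {}
    for ts, kind, sid, _user, device, asn in sorted(events):
        hits = reasons.setdefault(sid, set())
        if kind == "login_mfa_ok":
            origin[sid] = (ts, device, asn)
            continue
        if sid not in origin:
            hits.add("session_without_login")
            continue
        t0, dev0, asn0 = origin[sid]
        if asn != asn0:
            hits.add("network_mismatch")
        if device != dev0:
            hits.add("device_mismatch")
            if ts - t0 <= window_s:  # replayed soon after MFA completed
                hits.add("fast_reuse")
            if kind in SENSITIVE:
                hits.add("sensitive_action_from_new_device")
    return {s: (sum(WEIGHTS[r] for r in h), sorted(h)) for s, h in reasons.items()}

def flagged(events, threshold=60):
    """Session ids whose score meets the (assumed) review threshold."""
    return sorted(s for s, (n, _) in score_sessions(events).items() if n >= threshold)
```

A network change alone stays below the threshold, so roaming users are not flagged; a session replayed from a new device shortly after MFA and followed by a recovery change is.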
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Only 44% of developers are reported to follow security best practices for secrets management, which helps explain why abuse-friendly identity workflows persist, according to The State of Secrets in AppSec.
A question worth separating out:
Q: How should organisations connect fraud detection with identity governance?
A: Organisations should share signals across IAM, fraud, and support workflows so suspicious login patterns, recovery attempts, and transactional abuse are evaluated together. The goal is to stop treating authentication, session handling, and fraud response as separate programmes when attackers combine them in one chain.