Report spotlights a 67% surge in SMS toll fraud, 125% increase in gaming attacks, and 97% rise in fraud targeting the fintech sector

Arkose Labs, the leading fraud prevention, device ID and bot management company, today announced the release of its latest threat intelligence report, Enterprises Under Attack: Quarterly Threat Actor Patterns - Industry Trends, Analysis and Benchmarks. The Q4 2025 analysis reveals a dramatic shift in fraudster tactics, marked by an explosion in SMS toll fraud and a move toward highly selective, large-scale attacks.

“Our latest data leaves no room for doubt, fraudsters are not just getting smarter, they’re getting bolder,” said Frank Teruel, Chief Operating Officer at Arkose Labs. “Organizations are facing larger-scale, precision-driven attacks, while foundational threats like fake accounts continue to be relentless. This is bound to get worse with Agentic AI attacks. Leaders who understand the evolving playbook will be better equipped to disrupt attacker economics and safeguard their customers.”

The new report exposes SMS toll fraud as the breakout threat of Q3 2025, with malicious traffic and monetization scams sharply increasing across key verticals. SMS toll fraud occurs when attackers generate high volumes of fraudulent text messages to premium numbers in order to profit from revenue-sharing arrangements. Highlights include:

• 67% overall surge in SMS toll fraud malicious traffic, making it the fastest-growing attack type of the quarter
• 125% increase in SMS toll fraud attacks targeting the gaming sector
• 97% growth in SMS toll fraud targeting fintech, alongside a major spike in human fraud farm activity
• SMS toll fraud now comprises 78% of all attacks on the gig economy, up from 48% a year prior

This dramatic escalation signals a clear move by adversaries toward more direct and profitable monetization schemes.

Shifting Attack Patterns: Fewer, Bigger Strikes

Analysis reveals a new era of fraud characterized by precision campaigns that create outsized impact. Overall attack volume remained nearly steady, but average attack size grew dramatically. The gig economy, in particular, experienced 51% fewer attacks but 49% more malicious traffic, resulting in a 300% increase in average attack size. This demonstrates a move toward concentrated, high-value exploitation. Attackers are increasingly abandoning low-return, widespread attacks in favor of fewer strikes aimed at vulnerable, high-reward entry points.

Persistent Fake Account Problem:

• Fake account creation remains the #1 attack type, accounting for 46% of all fraudulent activity. This enduring threat enables a spectrum of downstream abuse, including loyalty program exploitation and romance scams.
• Despite substantial security investments, sign-up flows stand out as the weakest link across all nine industries analyzed, making them a primary and persistent target for adversaries.

Leveraging real attack data from Arkose Labs’ global network, which safeguards some of the world’s most recognized brands, the report delivers unmatched clarity into the true scale and nature of digital threats. Unlike conventional surveys or simulated data, these findings are grounded in actual events and behavior patterns observed across a diverse industry landscape. Understanding these evolving attack tactics enables organizations to implement proactive measures that disrupt attacker economics and more effectively protect their customers.

To learn more about these results or to download the study, visit: www.arkoselabs.com/resource/enterprises-under-attack-quarterly-threat-actor-patterns-released-q4-2025-report/

About Arkose Labs

Arkose Labs is the leading global provider offering a proactive fraud deterrence platform purpose-built to neutralize modern attacks, including those powered by Agentic AI and large language models (LLMs). Its comprehensive solution combines proprietary device identification (device ID), behavioral analysis, phishing protection, email intelligence, scraping prevention, API defense and bot management. Trusted by the world’s leading consumer brands, Arkose Labs stops account takeovers, fake account creation, LLM-driven scraping and SMS toll fraud. The platform actively undermines attacker ROI by introducing dynamic friction, making it economically unsustainable for adversaries to persist. Its Security Operations Center (SOC) provides actionable insights from an extensive cross-industry intelligence network, which monitors legitimate traffic and attack patterns across global enterprises. With unparalleled proactive support for internal security teams, Arkose Labs goes beyond conventional security by actively partnering with customers to disrupt organized fraud networks such as Storm-1152. Headquartered in San Mateo, California, the company maintains a global presence with offices throughout APAC, Central America, EMEA and South America.

View source version on businesswire.com: https://www.businesswire.com/news/home/20251217521684/en/

"Our latest data leaves no room for doubt, fraudsters are not just getting smarter, they’re getting bolder,” said Frank Teruel, Chief Operating Officer at Arkose Labs.