Account takeover attacks surge by over 300 percent
Account takeover (ATO) attacks jumped a massive 354 percent year-on-year in Q2 2023, according to the latest quarterly Digital Trust and Safety Index from Sift.
Analysis across Sift's global network shows the fintech and food and beverage categories experienced especially large increases. ATO spiked 808 percent across fintech, hitting loyalty sites and crypto, and opening the gate to downstream payment fraud, while the food and beverage industry saw a 485 percent increase in ATO.
Consumers echo these findings, with 18 percent of those surveyed by Sift having experienced account takeover attacks, 62 percent of those taking place in the past year. Over 34 percent of victims were defrauded two or more times, typically while using sites or apps for digital subscriptions, online shopping, and financial services.
Sift experts have also observed that fraudsters are increasingly moving off the dark web, instead operating in broad daylight and using major social platforms to actively recruit new bad actors, before moving them off-platform to messaging apps where they can market stolen credentials or fraud-as-a-service schemes. Sift's trust and safety architects have been closely following several social media accounts of known fraudsters who are using TikTok and Instagram to market their fraud offerings and show off their bounty from successful attacks, then funneling interested users to Telegram, where they're able to buy stolen credentials.
"2023 has been the year of the account takeover," says Kevin Lee, vice president of trust and safety at Sift. "We've seen a perfect storm of factors, from AI-fueled social engineering, the availability of fraud-as-a-service tools, and fraud influencers democratizing access to stolen accounts, leading to an ATO explosion. And while fraudsters are leveraging the most innovative tools and techniques available to steal from businesses and consumers, those businesses need to take advantage of technologies like machine learning and automation to defend against digital risk."
You can get the full Q3 Digital Trust and Safety Index on the Sift site.