Account takeover (ATO) fraud occurs when identity thieves use stolen credentials to take control of a legitimate user account.
ATO fraud is increasing across all industries, with a majority of the attacks detected on the Arkose Global Network occurring at the login point. Credential stuffing attacks, which involve using bots to constantly try different username and password combinations until a match is found, more than doubled in Q4 2020 compared to Q3 2020.
In a poll of 100 IT executives commissioned by Arkose Labs, most respondents said ATO attacks cost between $50 and over $200 per incident, which can add up to a huge expense if an organization experiences thousands of these attacks.
Many cybercriminals start out committing ATO fraud because there are numerous free or low-cost tools available to help them execute attacks at scale, as well as public, online tutorials on how to use these tools. Years of large-scale data breaches have made it easy for identity thieves to get username and password combinations.
Cybercriminals also like ATO fraud because it enables them to carry out many types of downstream attacks. Through ATO fraud, identity thieves can drain funds from bank accounts; apply for loans or credit cards; make fraudulent payments; carry out phishing scams; redirect shipments; launder money; steal rewards points; resell subscription information; and carry out drug- and human-trafficking, among other crimes.
Financial services and fintech accounts are the most vulnerable because cybercriminals can steal money from them and gather sensitive information. However, hackers will also target gaming, travel, social media, and streaming services accounts.
A successful ATO attack involves these three steps: 1. Credential harvesting (using phishing, malware, or social engineering attacks or exploiting database security vulnerabilities); 2. Account validation (often using botnets); and 3. Account takeover (when a fraudster buys a list of compromised accounts).
Ways to detect and stop ATO attacks include assigning risk scores and creating rules to verify digital identities, multi-factor authentication, CAPTCHAs, and reviewing every user manually. The Arkose Labs Fraud and Abuse Prevention Platform uses data-driven, real-time fraud intelligence with secondary screening of risky traffic. "Account Takeover Fraud: What It Is And How To Stop it" arkoselabs.com (Jun. 29, 2021).
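As an added example (not code from the Arkose Labs article), here is a minimal risk-scoring rule of the kind described above, run over constructed login log lines: it aggregates attempts per source IP and flags sources that try many distinct usernames, the signature of credential stuffing at the login point. The log format, weights and threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample login log (not real traffic): one stuffing source, one normal user.
SAMPLE_LOG = """\
2021-06-29T10:00:01Z ip=203.0.113.5 user=alice result=FAIL
2021-06-29T10:00:02Z ip=203.0.113.5 user=bob result=FAIL
2021-06-29T10:00:02Z ip=203.0.113.5 user=carol result=FAIL
2021-06-29T10:00:03Z ip=203.0.113.5 user=dave result=SUCCESS
2021-06-29T10:00:04Z ip=203.0.113.5 user=erin result=FAIL
2021-06-29T10:00:05Z ip=203.0.113.5 user=frank result=FAIL
2021-06-29T10:05:00Z ip=198.51.100.7 user=grace result=FAIL
2021-06-29T10:05:30Z ip=198.51.100.7 user=grace result=SUCCESS
"""


def parse_line(line):
    """Return (ip, user, result) from one 'timestamp key=value ...' log line (assumed format)."""
    fields = dict(part.split("=", 1) for part in line.split()[1:])
    return fields["ip"], fields["user"], fields["result"]


def score_sources(log_text, fail_weight=2, user_weight=5, threshold=25):
    """Aggregate login attempts per source IP and assign a risk score.

    score = fail_weight * failed attempts + user_weight * distinct usernames.
    Many distinct usernames from one source is what credential stuffing looks like
    (one leaked list tried across many accounts), so it weighs more than plain
    failures, which a forgetful legitimate user also produces. Weights are assumed.
    Returns {ip: {"score": int, "flagged": bool, "successes": [users]}}; a flagged
    source with successes is where secondary screening (MFA, CAPTCHA) should apply.
    """
    fails, users, successes = defaultdict(int), defaultdict(set), defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ip, user, result = parse_line(line)
        users[ip].add(user)
        if result == "FAIL":
            fails[ip] += 1
        else:
            successes[ip].append(user)
    report = {}
    for ip in users:
        score = fail_weight * fails[ip] + user_weight * len(users[ip])
        report[ip] = {"score": score, "flagged": score >= threshold, "successes": successes[ip]}
    return report


if __name__ == "__main__":
    for ip, info in score_sources(SAMPLE_LOG).items():
        print(ip, info)
```

In production the same counters would be kept per time window rather than over a whole file, and the score would feed the rules engine rather than a print loop.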