Help Net Security - Daily information security news with a focus on enterprise security.
Help Net Security
October 6, 2021

ATO attacks increased 307% between 2019 and 2021

Sift released a report which details the evolving methods fraudsters employ to launch account takeover (ATO) attacks against consumers and businesses. The report details a sophisticated fraud ring that sought to overwhelm e-commerce merchants by innovating upon typical credential stuffing campaigns.


Specifically, the fraud ring, dubbed Proxy Phantom, used a massive cluster of connected, rotating IP addresses in carrying out automated credential stuffing attacks to hack user accounts on merchant websites. Using over 1.5 million stolen username and password combinations, the group flooded businesses with bot-based login attempts to conduct as many as 2,691 login attempts per second—all coming from seemingly different locations.

As a result, targeted merchants using rules-based fraud prevention methods would be forced to play a supercharged, global game of “whack-a-mole,” with new combinations of IP addresses and credentials (likely purchased in bulk on the dark web) coming for them at an unthinkable pace.
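To make the "whack-a-mole" point concrete, here is an added example (not from Sift's report or this article) that runs a per-IP failure rule and a window-level aggregate check over the same constructed login events. The thresholds, field layout and sample addresses are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW = 60            # seconds per bucket
PER_IP_LIMIT = 5       # assumed legacy rule: flag an IP with more than 5 failures per window
MIN_ATTEMPTS = 50      # assumed thresholds for the aggregate check
FAIL_RATIO = 0.8
IP_SPREAD = 0.9

def make_events(with_attack=True):
    """Constructed events: (timestamp_s, source_ip, username, success)."""
    events = [(i * 3, f"198.51.100.{i % 10 + 1}", f"customer{i}", i % 8 != 0)
              for i in range(40)]                      # ordinary customer logins
    if with_attack:
        # 200 attempts in one minute, every one from a different address
        events += [(60 + i % 60, f"203.0.113.{i + 1}", f"leaked{i}", i % 100 == 0)
                   for i in range(200)]
    return events

def per_ip_rule(events):
    """Rules-based check: IPs exceeding PER_IP_LIMIT failed logins in a window."""
    fails = Counter((ts // WINDOW, ip) for ts, ip, _, ok in events if not ok)
    return {ip for (_, ip), n in fails.items() if n > PER_IP_LIMIT}

def aggregate_rule(events):
    """Windows where traffic as a whole is high-volume, mostly failing, and
    spread across nearly as many source IPs as there are attempts."""
    buckets = defaultdict(list)
    for ts, ip, _, ok in events:
        buckets[ts // WINDOW].append((ip, ok))
    flagged = []
    for window, rows in sorted(buckets.items()):
        total = len(rows)
        fail_ratio = sum(not ok for _, ok in rows) / total
        ip_spread = len({ip for ip, _ in rows}) / total
        if total >= MIN_ATTEMPTS and fail_ratio >= FAIL_RATIO and ip_spread >= IP_SPREAD:
            flagged.append(window)
    return flagged

if __name__ == "__main__":
    events = make_events()
    print("per-IP rule flags:", per_ip_rule(events))
    print("aggregate rule flags windows:", aggregate_rule(events))
```

Because each address is used only once, the per-IP rule never fires, while the aggregate view of the same minute stands out on volume, failure ratio and source spread.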

Account hacking explodes during pandemic

The report also revealed a staggering 307% increase in ATO attacks between April 2019—shortly after many COVID-19 stay-at-home orders were enacted—and June 2021. This attack method made up 39% of all fraud blocked on Sift’s network in Q2 2021 alone.

Fintech under fire

Sift’s network data uncovered significant ATO risk for the fintech and financial services sector and its users. ATO attacks against the fintech sector soared 850% between Q2 2020 and Q2 2021, mainly driven by a concentration on crypto exchanges and digital wallets, where fraudsters would likely try to liquidate accounts or make illicit purchases.

Additionally, 49% of consumers surveyed as part of the report feel most at risk of ATO on financial services sites compared to other industries—and with good reason. Of the ATO victims surveyed, 25% were defrauded on financial services sites, validating the public’s sentiment that these sites are some of the riskiest.

ATO attacks’ cascade of chaos

The report also paints a detailed picture of the ripple effects of ATO attacks on both businesses and consumers alike. Key findings include:

  • Compromise breeds compromise: 48% of ATO victims have had their accounts compromised between two and five times.
  • ATO leads directly to brand abandonment: 74% of consumers surveyed say they would stop engaging with a site or app and select another provider if their account was hacked on that site or app.
  • The aftermath of an ATO attack: 45% of those who experienced ATO had money stolen from them directly, while 42% had a stored credit card or other payment type used to make unauthorized purchases, and 26% lost loyalty credits and rewards points to fraudsters. Perhaps most worrisome is that 19% of victims are unsure of the consequences of their accounts being compromised.
  • Waning trust in ecommerce: 20% of consumers surveyed feel less safe shopping online today than they did a year ago.

Defending against the fraud economy

“As the discovery of the Proxy Phantom fraud ring demonstrates, fraudsters will never stop adapting their techniques to overwhelm traditional fraud prevention, making suspicious logins look legitimate, and legitimate ones look suspicious,” said Jane Lee, Trust and Safety Architect at Sift.

“At the same time, poor consumer security habits—like reusing passwords for multiple accounts—make it easy and continue to breathe life into the Fraud Economy. To proactively secure customer accounts and fuel expansion into new markets, merchants need to adopt a Digital Trust & Safety strategy to stop these advanced attacks before they shatter consumer loyalty and stifle growth.”



