Account takeover fraud has soared during the pandemic, according to a report released today by anti-fraud company Sift.
Sift's Q3 2021 Digital Trust & Safety Index claims that account takeovers increased threefold between Q2 2019 and Q2 2021. They now represent 39% of all fraud the company blocks.
Most of this increase occurred during the pandemic, with attacks rising roughly 2.8 times in the past year alone. The increase is ongoing, the report said, having failed to revert to pre-pandemic levels.
Financial services were the hardest hit, with account takeovers increasing 850% between Q2 2020 and Q2 2021. However, most of these attacks focused on cryptocurrency wallets and accounts, which are a well-known target for scammers.
Criminals do not usually do anything immediately noticeable to stolen accounts, such as changing passwords. Instead, they test the account credentials on other services, an attack known as credential stuffing, to see if they can access the victim's other accounts as well.
Hackers will also mine the accounts for credit card information, personal information, and password hints. This is perhaps why there are so many repeat victims, as half of them have had accounts hijacked multiple times.
Sift found that thieves stole money directly from 45% of victims, and 42% of account takeovers resulted in unauthorized purchases with a stored credit card. A quarter of victims lost loyalty and rewards points, and one in five were unsure of the full consequences of the account takeover attack.
Automation is becoming a bigger factor in account takeover fraud, Sift warned. Attackers use bots to attempt credential stuffing attacks using large lists of login credentials bought on the dark web.
They often use lists of servers that attempt to log in from different IP addresses to make their activities less suspicious. Sift correlates the addresses and servers to form clusters of known bad addresses. The number of IP addresses in the largest known IP cluster grew 50-fold between Q1 and Q2 2021, thanks to an automated account takeover fraud group named Proxy Phantom.
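As an added example (not taken from Sift's report or product), the Python below shows one way a defender could correlate login events to group source IPs that appear to be working through the same credential list. The event format, thresholds, function names and the shared-target heuristic are all assumptions made for illustration, and the log data is constructed.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded).
# Addresses are from the RFC 5737 documentation ranges.
EVENTS = [
    ("192.0.2.10", "alice", False), ("192.0.2.10", "bob", False),
    ("192.0.2.10", "carol", False), ("192.0.2.10", "dave", True),
    ("198.51.100.7", "bob", False), ("198.51.100.7", "carol", False),
    ("198.51.100.7", "erin", False), ("198.51.100.7", "frank", False),
    ("203.0.113.5", "erin", False), ("203.0.113.5", "frank", False),
    ("203.0.113.5", "grace", False), ("203.0.113.5", "heidi", False),
    ("192.0.2.99", "ivan", False), ("192.0.2.99", "ivan", True),  # a user mistyping
]

def suspicious_ips(events, min_accounts=3, max_success_rate=0.34):
    """Map each IP that tries many distinct accounts and mostly fails to its targets."""
    users, ok, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for ip, user, success in events:
        users[ip].add(user)
        total[ip] += 1
        ok[ip] += success
    return {ip: users[ip] for ip in users
            if len(users[ip]) >= min_accounts and ok[ip] / total[ip] <= max_success_rate}

def cluster_ips(targets, min_shared=2):
    """Union-find over IPs: link two IPs when their targeted account sets overlap."""
    parent = {ip: ip for ip in targets}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    ips = sorted(targets)
    for i, a in enumerate(ips):
        for b in ips[i + 1:]:  # pairwise; pre-bucket by username for large logs
            if len(targets[a] & targets[b]) >= min_shared:
                parent[find(a)] = find(b)
    clusters = defaultdict(set)
    for ip in ips:
        clusters[find(ip)].add(ip)
    return sorted((sorted(c) for c in clusters.values()), key=len, reverse=True)

def accounts_to_reset(events, cluster):
    """Accounts that a clustered IP logged in to successfully."""
    return {user for ip, user, success in events if success and ip in cluster}
```

Rotating addresses keeps each IP's volume low, but the overlap in targeted accounts still ties the three addresses into one cluster, and the one successful login from that cluster identifies an account that needs a forced reset.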