Trends in Account Takeover Fraud

Security breaches and account takeovers (ATOs) are making headlines this year. High-profile incidents, like the massive data breach of 2.9 billion records, the Ticketmaster data hack, scams following the CrowdStrike outage, and the rise of AI-generated deepfakes, all underscore the widespread consequences of this growing threat.


ATO has proven to be an increasingly costly issue. In 2023 alone, account takeover fraud resulted in nearly $13 billion in losses, up from $11 billion in 2022. In this form of fraud, attackers gain unauthorized access to accounts using stolen credentials obtained through data breaches, phishing attacks, and malware, then use that access to make fraudulent transactions, steal sensitive information, or launch further attacks. Given the expanding scope and rising costs associated with ATO, consumers now expect businesses to prioritize account security and safeguard digital trust, and every new data breach makes that harder to deliver.

Figure: 24% increase in the average ATO attack rate across the Sift Global Network (Q2 2023: 2.9%; Q2 2024: 3.6%)

Rising Account Takeover Attacks

The average ATO attack rate saw a significant 24% increase across the Sift Global Network in Q2 2024 compared to the same period in 2023, rising from 2.9% to 3.6%. This surge is part of a continuing trend, as ATO attacks have been steadily climbing in recent years. Notably, this follows a staggering 354% year-over-year increase in Q2 2023, underscoring the persistent and growing threat of ATOs. 

Industry Insights

Some industries, such as marketplaces, e-commerce, and ticketing, have faced significant spikes in ATO over the past year. Marketplaces, in particular, have seen increased usage during challenging economic times as the higher cost of living has prompted many to sell unwanted items, inadvertently attracting fraudsters seeking to exploit marketplace platforms. These fraudsters often follow consumer spending patterns, targeting user accounts more likely to contain stored payment information and credits, like in e-commerce. For the ticketing industry, the ATO attack rate has remained alarmingly high in the double digits, as data breaches make accounts more vulnerable, and consumers often leave their accounts unmonitored.

Trends in Two-Factor Authentication

Businesses are increasingly adopting two-factor authentication (2FA) to secure user accounts from unauthorized access. However, the rate of adoption can vary greatly based on the type of business, risk thresholds, and transaction volume and speed. Certain industries, like ticketing, fintech, marketplaces, and retail, maintain higher 2FA rates than the average across the Sift Global Network due to their higher transaction values and sensitivity to account security. The ticketing industry’s high 2FA rate reflects heightened security measures following the massive Ticketmaster breach and bot attacks causing the Taylor Swift ticket sale dilemma. By contrast, industries known for fast and frequent transactions, such as food ordering and delivery, remittances, and transportation, have a lower than average 2FA rate to keep up with demand and keep consumer friction low.

21% increase in the average 2FA rate across the Sift Global Network, from 9.1% in Q2 2023 to 11% in Q2 2024.

Higher than average:
- ticketing (60%)
- marketplaces (15%)
- fintech (13%)
- retail (13%)

Lower than average:
- food ordering & delivery (6.1%)
- remittances (2.1%)
- transportation (1.5%)

Consumer-Driven Insights on ATO Vulnerability

Password reuse is one of the leading reasons ATO can cause so much collateral damage, with 78% of individuals using the same password for more than one account. This means that once a fraudster gains access to one account, they’re able to access multiple with the same credentials before the victim is made aware of the breach and updates their passwords. 


Data shows that more consumers are dealing with ATOs in 2024. 24% of consumers surveyed* by Sift have been a victim of ATO in the past year, up from 18% in 2023. The survey also shows that fraudsters target sites with large audiences, like social media platforms, to spread additional scams, as well as digital streaming services, where users frequently reuse and share passwords. They also tend to target banks and credit card accounts because they offer a higher potential for financial gain.

24% of consumers have been a victim of account takeover in the past year.

Top websites and apps for ATO reported by consumers:
- 39% social media platforms
- 38% subscriptions for digital streaming services
- 35% bank or credit card account
- 22% online shopping
- 15% online gaming platforms
- 13% food delivery services
- 12% subscriptions for physical goods
- 11% online gambling sites
- 9% hotels and lodging
- 9% crypto platforms and exchanges

The Consequences of ATO

Account Takeovers (ATOs) are not the final goal for fraudsters, but rather a stepping stone in their broader scheme for illicit financial gain. The consequences of an ATO can quickly escalate, creating a ripple effect that impacts the victim, the business, and any other businesses where the victim uses the same credentials.


When an account is breached, it can lead to various forms of financial damage, including the theft of stored payment information, unauthorized purchases, and the loss of rewards, loyalty points, or credits. This highlights the interconnected nature of the Fraud Economy—an ATO on one account can trigger payment fraud across multiple accounts and businesses.

What happens to compromised consumer accounts:
- 38%: Stored credit card or payment information was used to make unauthorized purchases on other websites.
- 33%: Stored credit card or payment information was used to make an unauthorized purchase on the website where their account was compromised.
- 30%: Rewards points, loyalty points, stored money, or credits were taken out of their account.
- 25%: Unsure of what happened to their compromised account(s).

AI's Impact on ATO

Advancements in generative AI and automation tools are making it increasingly challenging to detect account breaches quickly and accurately. Fraudsters leverage GenAI to create sophisticated social engineering attacks, such as realistic phishing emails, scam texts, and scripts, as well as convincing voice and video fakes. They can also fabricate identities and documents to bypass verification processes, using deepfakes to gain access to credentials and accounts. As a result, more consumers are expressing concern over the implications of AI on the security of their accounts.

Consumer concern over AI being used to gain unauthorized account access:
- 54% very concerned
- 33% somewhat concerned
- 9% a little concerned
- 4% not concerned at all

The rising accessibility of ATO:
- 37% of consumers have seen offers online to participate in account fraud
- 21% of consumers know someone who’s taken over an account without permission

The Democratization of Account Takeover Fraud

Despite growing awareness of ATO and its consequences, its prevalence is increasing, partly due to the democratization of fraud. This shift has made fraud tools and resources widely accessible to anyone with an internet connection. Fraudulent activities are no longer confined to the dark web, but are now infiltrating deep web forums and social media platforms. Nearly 40% of consumers report encountering offers to participate in account fraud online, a significant rise from 24% in 2023. The image of a fraudster as a shadowy figure in a hoodie is becoming outdated—fraudsters are now more likely to be people we know. Although most say they’d react negatively to discovering that someone close to them was involved in fraud, over 20% of consumers know someone who has engaged in unauthorized account access, a marked increase from 14% last year.

How consumers would react if they learned someone close to them participated in account takeover fraud:
- 86% shock and disappointment
- 8% support and understanding
- 6% indifference

Identity Theft Tool on Telegram: Democratizing Access to Compromised Credentials

In one Fraud-as-a-Service (FaaS) scheme centered around ATO, fraudsters work together on deep web messaging platforms like Telegram—advertising tools and tactics for fellow fraudsters to hack celebrity social media accounts in order to spread malicious links. This activity shows that fraudsters have their own specialties and are learning to combine forces to amplify the success of their attacks. Some fraudsters are even launching their own illicit tools to capitalize on the democratization of fraud. One such tool for rent promises access to a variety of identity data, including data leak lookups, for a weekly fee.


The Identity Theft Tool is an easy-to-use fraud-as-a-service product marketed on Telegram that cybercriminals use to exploit compromised data. Fraudsters developed the bot to aggregate breached data from various sources, such as Intelligence X, and market it on Telegram for prices as low as $10 per week. After purchasing access, they’re able to search for individuals or corporate accounts to obtain credentials that may have been part of large-scale data breaches. The tool enables anyone with internet access to find credentials for almost anyone, including public figures and celebrities—all within minutes.


Sift’s Trust and Safety Architect team was able to seemingly validate the information of many individuals, including noteworthy public figures, by cross-referencing public information with what was discovered using the tool. Fraudsters can use this data to directly access accounts or send phishing emails and texts to obtain any missing credentials needed to log into the accounts and steal payment information. This process highlights the ease and speed with which fraudsters can access and exploit compromised data, and serves as a frightening example of the democratization of fraud and the rise of fraud-as-a-service.

The scheme unfolds in stages: Productize, Promote, Purchase, Redeem, Search, Defraud.

Step 1 | Productize

Fraudster A develops a bot tool that aggregates breached data from various sources, including Intelligence X and the recent NPD breach.


MFA Perceptions and Realities

Despite some reports that consumers dislike multi-factor authentication (MFA), data shows they may not be as inconvenienced by it as once thought. Survey respondents indicate that they understand the security benefits of MFA and don’t mind going through the additional step to access their accounts. Over half of consumers said they’d be more likely to use a website or app if prompted to use MFA to log into the account. However, MFA isn’t always enough on its own to thwart fraudsters. Many are leveraging one-time password (OTP) bots, an automated fraud service used to commit ATO attacks, targeting victims with fake phone calls and SMS messages to steal passwords.

Consumers are more likely to use a website or app if prompted to use MFA to log into the account:
- 33% much more likely
- 31% somewhat more likely
- 25% it makes no difference
- 6% somewhat less likely
- 5% much less likely

ATO’s Impact on Trust and Brand Loyalty

With the increase in 2FA rates and account security, consumers are less forgiving of businesses that fail to protect them from ATOs. Four out of five consumers would stop shopping on a site where they’d been a victim of ATO—up from 76% in 2023. However, the majority of consumers also acknowledge that it’s both their responsibility as well as the brand’s to keep their accounts safe from ATO. Ultimately, whether the consumer takes partial responsibility for the ATO or not, the business will face the fallout of weak account security. 

The majority of consumers take joint responsibility for account protection:
- 53% think it’s both their personal responsibility as well as the website/app’s
- 33% would blame the website or app
- 14% would take personal responsibility for the account takeover

Quote from Brittany Allen, Senior Trust and Safety Architect at Sift:

"Account takeovers have become a major threat in 2024. With the surge of AI-generated deepfakes, widely accessible fraud tools, and bigger breaches with deeper consequences, businesses need to match fraud actors' energy. Advanced, AI-powered fraud detection is the path forward."

Brittany Allen, Senior Trust and Safety Architect at Sift

Mitigating ATO Risk with AI-Powered Fraud Protection

To effectively combat ATO fraud and protect consumers, businesses must adopt tools and technologies that address the full user journey, including account login. Leveraging AI-powered fraud protection is crucial for early detection and rapid response to threats. Additionally, implementing MFA and dynamic friction in user authentication processes helps strike an optimal balance between security and user experience. With advanced solutions, businesses can automate risk decisioning, instantly identifying and mitigating bot-based account attacks. This approach ensures frictionless experiences for trusted users while flagging risky sessions for review or auto-block. By integrating these measures into a holistic fraud prevention strategy, businesses can significantly reduce risk, enhance overall cybersecurity, and drive revenue growth.
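The paragraph above describes risk decisioning at login: score each attempt, let trusted users through without friction, step up to MFA on moderate risk, and block clearly automated account attacks. The following is an added illustration written for this page, not Sift's product logic or any code from the report. It scores constructed login events on three signals (unfamiliar device for the account, failed-login velocity from the source IP, and the number of distinct accounts one IP is probing) and maps the score to allow, step-up MFA, or block. The event schema, signal weights, thresholds and sample traffic are all assumptions chosen for the example.

```python
"""Dynamic-friction login decisioning over constructed login events.

Added example for illustration only. The LoginEvent schema, the signal
weights, the thresholds and the sample traffic are assumptions made here,
not values taken from the report or from any vendor's product.
"""
from dataclasses import dataclass

WINDOW_SECONDS = 600  # look-back window for per-IP velocity signals


@dataclass(frozen=True)
class LoginEvent:
    ts: int          # unix seconds
    account: str
    ip: str
    device_id: str   # stable browser/app fingerprint or device cookie
    success: bool    # did the submitted password match?


# Constructed sample traffic: one user on a known device, one user logging
# in from a new laptop, and one IP trying stolen credentials against many
# accounts (the credential-stuffing pattern that precedes most ATO).
SAMPLE_EVENTS = [
    LoginEvent(1000, "alice", "203.0.113.10", "dev-alice-phone", True),
    LoginEvent(1100, "alice", "203.0.113.10", "dev-alice-phone", True),
    LoginEvent(1200, "bob", "198.51.100.7", "dev-bob-desktop", True),
    LoginEvent(1300, "bob", "198.51.100.9", "dev-bob-laptop", True),  # new device
] + [
    # twelve attempts from one IP, each against a different account;
    # only the last password happens to be correct
    LoginEvent(1400 + i, f"user{i}", "192.0.2.66", f"dev-stuff-{i}", i == 11)
    for i in range(12)
]


def score_login(event, history):
    """Score one attempt using only events that happened before it."""
    score, reasons = 0, []
    prior = [e for e in history if e.ts < event.ts]

    # Signal 1: device never seen on a successful login for this account.
    # An account with no history gets no penalty here; a production system
    # would treat first-ever logins with its own policy.
    known_devices = {e.device_id for e in prior
                     if e.account == event.account and e.success}
    if known_devices and event.device_id not in known_devices:
        score += 30
        reasons.append("new_device")

    # Signal 2: failed-login velocity from the same source IP.
    recent_ip = [e for e in prior
                 if e.ip == event.ip and event.ts - e.ts <= WINDOW_SECONDS]
    failures = sum(1 for e in recent_ip if not e.success)
    if failures >= 6:
        score += 40
        reasons.append(f"ip_failures={failures}")
    elif failures >= 3:
        score += 20
        reasons.append(f"ip_failures={failures}")

    # Signal 3: one IP spraying many distinct accounts (stuffing signature).
    accounts = {e.account for e in recent_ip}
    if len(accounts) >= 6:
        score += 30
        reasons.append(f"ip_accounts={len(accounts)}")
    elif len(accounts) >= 3:
        score += 20
        reasons.append(f"ip_accounts={len(accounts)}")

    return score, reasons


def decide(score):
    """Map a risk score to the friction applied to the session."""
    if score >= 70:
        return "block"
    if score >= 30:
        return "step_up_mfa"
    return "allow"


def evaluate(events):
    """Return {(account, ts): (score, decision, reasons)} for every event."""
    history = sorted(events, key=lambda e: e.ts)
    return {(e.account, e.ts): (*score_login(e, history), )
            for e in history} if False else {
        (e.account, e.ts): (score_login(e, history)[0],
                            decide(score_login(e, history)[0]),
                            score_login(e, history)[1])
        for e in history}


if __name__ == "__main__":
    for (account, ts), (score, decision, reasons) in evaluate(SAMPLE_EVENTS).items():
        print(f"{ts} {account:<7} score={score:<3} {decision:<12} {','.join(reasons)}")
```

Note that the final stuffing attempt is blocked even though its password is correct: the decision is driven by the source's behaviour across many accounts, which is exactly the signal a per-account lockout or a password check alone cannot see. Bob's new laptop gets a step-up prompt rather than a block, which is the dynamic-friction balance the text describes.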


The Future of Cyber-Fraud Fusion

Building on these foundational strategies, it’s essential to consider the next frontier in fraud prevention. Experts predict that the future of online fraud detection lies in the fusion of cybersecurity and fraud prevention, a convergence expected to revolutionize how companies combat sophisticated online threats. Research shows that nearly 70% of security leaders view ATO attacks as the greatest concern to their organizations, underscoring the urgency for innovation. As markets merge, forward-thinking organizations are integrating cybersecurity and fraud prevention teams, tools, and processes to create a unified defense against ATO threats. This cyber-fraud fusion, driven by AI-powered solutions like Sift, enables businesses to monitor user behavior across the entire journey, adapt to emerging risks, and protect both their bottom line and customer experience. By aligning resources and breaking down silos, organizations can better anticipate and counteract increasingly complex cyber-fraud schemes.

*On behalf of Sift, Researchscape International polled 1,096 adults (aged 18+) across the United States via online survey in July 2024.
