Q3 2025 DIGITAL TRUST INDEX

Account Takeovers in the Era of Agentic AI

The State of Account Takeover in 2025

Account takeover (ATO) fraud has become one of the fastest growing threats facing digital businesses in 2025. Last year, ATO surpassed ransomware as the top enterprise security concern, with 83% of organizations experiencing at least one incident.

Losses from ATO fraud are projected to climb to $17 billion in 2025, up from $13 billion the year prior. This rapid growth is fueled by malicious bot activity, infostealer malware, and increasingly sophisticated AI-driven techniques—including deepfakes, large-scale credential stuffing, and fraud-as-a-service kits. Passwords remain an especially weak link, frequently stolen through breaches, phishing campaigns, and malware, then reused across multiple sites. With bots able to automate login attempts in seconds, attackers can easily convert stolen credentials into large-scale account takeovers. For businesses, this translates into surging payment fraud, chargebacks, and higher acquisition and retention costs.

Rising Account Takeover Attacks

Data from Sift’s Global Data Network reveals clear shifts in attack patterns in 2025, underscoring how fraudsters are concentrating efforts where the potential payoff is highest and where defenses may not yet be keeping pace. The overall ATO attack rate rose to 2.5% in Q2 2025, marking a 4% year-over-year increase. But certain industries are being targeted more than others.

Fraudsters are doubling down on fintech & finance, where attacks surged 122% year-over-year (from 0.54% to 1.2%), exploiting the high value of financial accounts and the growing adoption of alternative payments. The travel & ticketing sector recorded a 56% increase, reflecting the appeal of high-value accounts packed with loyalty points, stored payment methods, and personal data. Meanwhile, internet & software platforms saw a 17% rise, likely driven by subscription abuse and the resale of compromised credentials.

2025 Trends in Two-Factor Authentication

Two-factor authentication (2FA) remains a key element of account security, though adoption varies by industry, risk tolerance, and transaction volume. Across the Sift Global Data Network, overall 2FA adoption has remained steady at 13% over the past year, reflecting the tradeoff businesses face in balancing seamless user experiences with protection against sophisticated fraud. Ticketing leads at 21%, driven by live event-related risk, followed by digital commerce and fintech at 13%, and internet & software at 10%.

See the Full Report

Thank you, we will be in contact soon.

The Consumer Experience with ATO

A recent consumer survey* by Sift suggests that reported ATO rates understate the true scale of the problem, as many victims may not recognize when their accounts have been compromised. Fourteen percent of consumers said they experienced an ATO in the past year, yet the real number is likely much higher. Social media accounts were the most common target, representing 51% of reported incidents, followed by digital subscriptions (33%), banking and credit card accounts (28%), grocery accounts (19%), and gaming or physical goods subscriptions (15%).

The Ramifications of ATO

The impact of ATO extends well beyond the initial breach, shaping long-term customer trust and loyalty. Three-quarters of consumers say they would stop using a site after experiencing an ATO, and 87% would share the incident with others—amplifying reputational damage. Six in ten consumers see ATO prevention as a shared responsibility, but when protections fall short, businesses are ultimately the ones held accountable.

Account takeover has become one of the most persistent and costly threats businesses face today. What we’re seeing is that fraudsters aren’t just exploiting weak spots, they’re innovating faster than many companies can adapt. Protecting against ATO now requires a layered, adaptive approach that balances strong account security with a seamless consumer experience.

Alexander Hall

Trust and Safety Architect at Sift

ATO Fraud Awareness and Behavior Gaps

Consumers are more aware than ever of the risks of fraud, but awareness doesn’t always translate into effective action. The gap between what people know and how they behave online continues to leave them exposed to opportunistic fraudsters.

Nearly one in four consumers admitted to reusing a password they knew had been compromised, while just over half said they take extra steps to secure most or all of their accounts. At the same time, more than a third of respondents described themselves as very or extremely worried about being hacked. Consumers are most concerned about their financial accounts being hacked, followed by social media platforms and online shopping sites.

Exposure to the Fraud Economy

Exposure to the Fraud Economy is accelerating with the growth of fraud-as-a-service (FaaS), where ready-made tools are openly promoted on deep web forums and social platforms. This democratization of fraud lowers the barrier to entry, making it possible for virtually anyone to partake in fraud. Thirty-one percent of consumers reported seeing offers online to participate in account fraud, and 7% admitted to having taken over someone else’s account. As fraud becomes embedded in mainstream digital culture, businesses face greater brand risk and the increasing need for proactive defenses across the user journey.

Generational Divide: Who’s at Risk, and Why?

ATO doesn’t affect all demographics equally. Generational differences in digital behavior, risk tolerance, and security habits shape who is most at risk and how they respond when fraud occurs. Younger generations, raised in digital-first environments, tend to be both more exposed and more willing to engage in risky behaviors online, while older generations show lower exposure, but also lower adoption of proactive security measures.

Gen Z and Millennials may represent the highest fraud risk, but they’re also the most likely to walk away from a brand after an ATO incident. Meanwhile, Gen X and Baby Boomers present less risk but also lower engagement in security practices, creating different vulnerabilities.

generation-x-moderate-risk-with-mixed-security-habits

AI Agents and the New Era of Consumer Concern

AI-powered shopping assistants are gaining traction in digital commerce, offering convenience and personalization. But alongside the benefits, they raise new concerns about account takeover and data security.

Gartner predicts that within two years, AI agents will cut the time it takes attackers to hijack exposed accounts in half by automating key steps of ATO, from credential compromise to deepfake-enabled social engineering. This shift marks the rise of agentic AI—the next evolution beyond generative AI—driven by autonomous agents capable of making decisions and adapting in real time without human oversight.

Consumers are approaching AI shopping agents with caution. Nearly three-quarters (74%) say AI shopping agents increase their concern about ATO and only 14% would let an AI agent shop on their behalf. Confidence in AI agents handling financial information is also low: just 35% would entrust AI with sensitive data, including only 7% who would trust it fully. Research shows that AI Browsers designed to automate online tasks often lacked consistent guardrails, leaving them vulnerable to scams like fake storefronts, phishing sites, and prompt-injection attacks. This new era of scam complexity, fueled by Agentic AI, increases costs for businesses, amplifies fraud risk, and threatens long-term customer trust.

Generational Views on AI Agents

Generational divides are also shaping perceptions of AI. Younger consumers are more open to experimenting with AI shopping: 19% of Gen Z and 24% of Millennials said they would let AI shop for them, compared with 8% of Gen X and 5% of Baby Boomers. Millennials and Gen Z were also more likely to say they would trust AI agents with their financial data—50% and 48%, respectively.

would-trust-an-ai-agent-to-securely-handle

Agentic AI Meets Fraud-as-a-Service

Fraudsters are already experimenting with agentic AI, turning a technology built for efficiency and growth into a tool for large-scale, democratized fraud. On deep web forums, “AI agent bots” are being marketed with capabilities like voice and appearance cloning to answer phone or video calls, or uploading documents to generate promotional content.

By combining agentic AI with fraud-as-a-service models, criminals can automate their services and operate their schemes like legitimate businesses. This dramatically lowers the barrier to entry for new fraudsters and enables scams to scale at startup speed, making social engineering and subsequent account takeovers more difficult to detect.

Agentic AI is lowering the barrier to fraud, making powerful tools available to anyone—not just organized crime rings. As fraud becomes more democratized, account takeovers are getting harder to spot and faster to scale. Businesses need AI that can adapt in real time to keep customers safe and revenue strong.

Brittany Allen

Senior Trust and Safety Architect at Sift

How Businesses Can Mitigate ATO Risk

Protecting against account takeover attacks requires more than basic fraud thresholds. Businesses need adaptive, customer-centric strategies that evolve with fraud tactics while maintaining seamless experiences. Leading organizations connect behavioral, intent, and device signals in real time to block abuse early and safeguard high-value customers.

The rise of agentic AI raises the stakes, making it critical for businesses to harness AI in equally sophisticated ways. The AI-powered Sift Platform gives teams a unified view of identity through Identity Trust XD, enabling smarter decisions across the user journey. ActivityIQ uses generative AI to summarize user activity across sessions, cutting through noise and accelerating fraud defense. By harnessing AI to fight the growth threat of AI fraud, businesses can protect revenue, preserve trust, and turn fraud prevention into a strategic advantage.

*On behalf of Sift, Researchscape International polled 1,009 adults (aged 18+) across the United States via online survey in July 2025.

What’s New at Sift

view all resources

Report

Account Takeovers in the Era of Agentic AI

READ THE REPORT

Report

Navigating Digital Trust in the Age of AI

READ THE REPORT

Report

Payment Fraud in the New Age of Digital Transformation

READ THE REPORT

Drive Your Business Forward with FIBR

Compare your own data against Sift benchmarks with FIBR, the first Fraud Industry Benchmarking Resource of its kind delivering crucial fraud insights to businesses across verticals and regions.

Discover Data

Account Takeovers in the Era of Agentic AI

Overview

The State of Account Takeover in 2025

Rising Account Takeover Attacks

2025 Trends in Two-Factor Authentication

See the Full Report

Thank you, we will be in contact soon.

The Consumer Experience with ATO

The Ramifications of ATO

Alexander Hall

ATO Fraud Awareness and Behavior Gaps

Exposure to the Fraud Economy

Generational Divide: Who’s at Risk, and Why?

AI Agents and the New Era of Consumer Concern

Generational Views on AI Agents

Agentic AI Meets Fraud-as-a-Service

Brittany Allen

How Businesses Can Mitigate ATO Risk

What’s New at Sift

Account Takeovers in the Era of Agentic AI

Navigating Digital Trust in the Age of AI

Payment Fraud in the New Age of Digital Transformation

Drive Your Business Forward with FIBR