Trends in Account Takeover Fraud
Security breaches and account takeovers (ATOs) are making headlines this year. High-profile incidents, like the massive data breach of 2.9 billion records, the Ticketmaster data hack, scams following the CrowdStrike outage, and the rise of AI-generated deepfakes, all underscore the widespread consequences of this growing threat.
ATO has proven to be an increasingly costly issue. In 2023 alone, account takeover fraud resulted in nearly $13 billion in losses, up from $11 billion in 2022. This form of fraud involves unauthorized access to accounts using stolen credentials obtained from data breaches, phishing attacks, and malware, in order to make fraudulent transactions, steal sensitive information, or launch further attacks. Given the expanding scope and rising costs associated with ATO, prioritizing account security and safeguarding digital trust is both expected by consumers and made more difficult with every data breach.
Rising Account Takeover Attacks
The average ATO attack rate saw a significant 24% increase across the Sift Global Network in Q2 2024 compared to the same period in 2023, rising from 2.9% to 3.6%. This surge is part of a continuing trend, as ATO attacks have been steadily climbing in recent years. Notably, this follows a staggering 354% year-over-year increase in Q2 2023, underscoring the persistent and growing threat of ATOs.
Industry Insights
Some industries, such as marketplaces, e-commerce, and ticketing, have faced significant spikes in ATO over the past year. Marketplaces, in particular, have seen increased usage during challenging economic times as the higher cost of living has prompted many to sell unwanted items, inadvertently attracting fraudsters seeking to exploit marketplace platforms. These fraudsters often follow consumer spending patterns, targeting user accounts more likely to contain stored payment information and credits, like in e-commerce. For the ticketing industry, the ATO attack rate has remained alarmingly high in the double digits, as data breaches make accounts more vulnerable, and consumers often leave their accounts unmonitored.
Trends in Two-Factor Authentication
Businesses are increasingly adopting two-factor authentication (2FA) to secure user accounts from unauthorized access. However, the rate of adoption can vary greatly based on the type of business, risk thresholds, and transaction volume and speed. Certain industries, like ticketing, fintech, marketplaces, and retail, maintain higher 2FA rates than the average across the Sift Global Network due to their higher transaction values and sensitivity to account security. The ticketing industry’s high 2FA rate reflects heightened security measures following the massive Ticketmaster breach and the bot attacks behind the Taylor Swift ticket sale dilemma. By contrast, industries known for fast and frequent transactions, such as food ordering and delivery, remittances, and transportation, have a lower-than-average 2FA rate to keep up with demand and keep consumer friction low.
Consumer-Driven Insights on ATO Vulnerability
Password reuse is one of the leading reasons ATO can cause so much collateral damage, with 78% of individuals using the same password for more than one account. This means that once a fraudster gains access to one account, they’re able to access multiple accounts with the same credentials before the victim becomes aware of the breach and updates their passwords.
Data shows that more consumers are dealing with ATOs in 2024. 24% of consumers surveyed* by Sift have been a victim of ATO in the past year, up from 18% in 2023. The survey also shows that fraudsters target sites with large audiences, like social media platforms, to spread additional scams, as well as digital streaming services, where users frequently reuse and share passwords. They also tend to target banks and credit card accounts because they offer a higher potential for financial gain.
The Consequences of ATO
Account Takeovers (ATOs) are not the final goal for fraudsters, but rather a stepping stone in their broader scheme for illicit financial gain. The consequences of an ATO can quickly escalate, creating a ripple effect that impacts the victim, the business, and any other businesses where the victim uses the same credentials.
When an account is breached, it can lead to various forms of financial damage, including the theft of stored payment information, unauthorized purchases, and the loss of rewards, loyalty points, or credits. This highlights the interconnected nature of the Fraud Economy—an ATO on one account can trigger payment fraud across multiple accounts and businesses.
AI's Impact on ATO
Advancements in generative AI and automation tools are making it increasingly challenging to detect account breaches quickly and accurately. Fraudsters leverage GenAI to create sophisticated social engineering attacks, such as realistic phishing emails, scam texts, and scripts, as well as convincing voice and video fakes. They can also fabricate identities and documents to bypass verification processes, using deepfakes to gain access to credentials and accounts. As a result, more consumers are expressing concern over the implications of AI on the security of their accounts.
The Democratization of Account Takeover Fraud
Despite growing awareness of ATO and its consequences, its prevalence is increasing, partly due to the democratization of fraud. This shift has made fraud tools and resources widely accessible to anyone with an internet connection. Fraudulent activities are no longer confined to the dark web, but are now infiltrating deep web forums and social media platforms. Nearly 40% of consumers report encountering offers to participate in account fraud online, a significant rise from 24% in 2023. The image of a fraudster as a shadowy figure in a hoodie is becoming outdated—fraudsters are now more likely to be people we know. Although most say they’d react negatively to discovering that someone close to them was involved in fraud, over 20% of consumers know someone who has engaged in unauthorized account access, a marked increase from 14% last year.
Identity Theft Tool on Telegram: Democratizing Access to Compromised Credentials
In one Fraud-as-a-Service (FaaS) scheme centered around ATO, fraudsters work together on deep web messaging platforms like Telegram—advertising tools and tactics for fellow fraudsters to hack celebrity social media accounts in order to spread malicious links. This activity shows that fraudsters have their own specialties and are learning to combine forces to amplify the success of their attacks. Some fraudsters are even launching their own illicit tools to capitalize on the democratization of fraud. One such tool for rent promises access to a variety of identity data, including data leak lookups, for a weekly fee.
The Identity Theft Tool is an easy-to-use fraud-as-a-service product marketed on Telegram that cybercriminals use to exploit compromised data. Fraudsters developed the bot to aggregate breached data from various sources, such as Intelligence X, and market it on Telegram for prices as low as $10 per week. After purchasing access, they’re able to search for individuals or corporate accounts to obtain credentials that may have been part of large-scale data breaches. The tool enables anyone with internet access to find credentials for almost anyone, including public figures and celebrities—all within minutes.
Sift’s Trust and Safety Architect team was seemingly able to validate the information of many individuals, including noteworthy public figures, by cross-referencing public information with what was discovered using the tool. Fraudsters can use this data to directly access accounts or send phishing emails and texts to obtain any missing credentials needed to log into the accounts and steal payment information. This process highlights the ease and speed with which fraudsters can access and exploit compromised data, and serves as a frightening example of the democratization of fraud and the rise of fraud-as-a-service.
MFA Perceptions and Realities
Despite some reports that consumers dislike multi-factor authentication (MFA), data shows they may not be as inconvenienced by it as once thought. Survey respondents indicate that they understand the security benefits of MFA and don’t mind going through the additional step to access their accounts. Over half of consumers said they’d be more likely to use a website or app if prompted to use MFA to log into the account. However, MFA isn’t always enough on its own to thwart fraudsters. Many fraudsters are leveraging one-time password (OTP) bots, an automated fraud service used to commit ATO attacks, which target victims with fake phone calls and SMS messages to steal passwords.
ATO’s Impact on Trust and Brand Loyalty
With the increase in 2FA rates and account security, consumers are less forgiving of businesses that fail to protect them from ATOs. Four out of five consumers would stop shopping on a site where they’d been a victim of ATO—up from 76% in 2023. However, the majority of consumers also acknowledge that it’s both their responsibility and the brand’s to keep their accounts safe from ATO. Ultimately, whether the consumer takes partial responsibility for the ATO or not, the business will face the fallout of weak account security.
Account takeovers have become a major threat in 2024. With the surge of AI-generated deepfakes, widely accessible fraud tools, and bigger breaches with deeper consequences, businesses need to match fraud actors' energy. Advanced, AI-powered fraud detection is the path forward.
Mitigating ATO Risk with AI-Powered Fraud Protection
To effectively combat ATO fraud and protect consumers, businesses must adopt tools and technologies that address the full user journey, including account login. Leveraging AI-powered fraud protection is crucial for early detection and rapid response to threats. Additionally, implementing MFA and dynamic friction in user authentication processes helps strike an optimal balance between security and user experience. With advanced solutions, businesses can automate risk decisioning, instantly identifying and mitigating bot-based account attacks. This approach ensures frictionless experiences for trusted users while flagging risky sessions for review or auto-block. By integrating these measures into a holistic fraud prevention strategy, businesses can significantly reduce risk, enhance overall cybersecurity, and drive revenue growth.
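The paragraph above describes risk decisioning at login with dynamic friction: trusted sessions pass with no extra steps, riskier ones are stepped up to MFA, and the riskiest are routed to review or blocked. The following is an added illustration of that pattern, not code from Sift or any product; the signal names, weights, thresholds (30 / 60 / 90) and sample login events are all assumptions constructed for the example. It also shows how the velocity signals catch the credential-stuffing shape discussed earlier on the page (one source cycling stolen credentials through many accounts), which a single-account check would miss.

```python
"""Added example: login risk scoring with dynamic friction (assumed weights/thresholds)."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass
class LoginAttempt:
    user: str
    ip: str
    device_id: str
    country: str
    password_ok: bool   # result of the credential check
    ts: int             # seconds; constructed timestamps


@dataclass
class Decision:
    action: str         # "allow" | "step_up" | "review" | "block" | "deny"
    score: int
    reasons: List[str]


# Friction bands (assumed values): below STEP_UP_AT the session is allowed
# without extra friction; above BLOCK_AT it is auto-blocked.
STEP_UP_AT, REVIEW_AT, BLOCK_AT = 30, 60, 90


class LoginRiskEngine:
    def __init__(self, known_devices: Dict[str, Set[str]],
                 home_country: Dict[str, str], window: int = 300):
        self.known_devices = known_devices
        self.home_country = home_country
        self.window = window                       # velocity window in seconds
        self._failures: Dict[str, List[int]] = defaultdict(list)  # ip -> failure timestamps
        self._targets: Dict[str, Set[str]] = defaultdict(set)     # ip -> distinct accounts tried

    def evaluate(self, a: LoginAttempt) -> Decision:
        score, reasons = 0, []
        # Per-account signals: unfamiliar device and unfamiliar country.
        if a.device_id not in self.known_devices.get(a.user, set()):
            score += 30; reasons.append("new_device")
        home = self.home_country.get(a.user)
        if home is not None and a.country != home:
            score += 35; reasons.append("unfamiliar_country")
        # Per-source velocity signals: record this attempt first so it counts.
        self._targets[a.ip].add(a.user)
        if not a.password_ok:
            self._failures[a.ip].append(a.ts)
        recent = [t for t in self._failures[a.ip] if a.ts - t <= self.window]
        self._failures[a.ip] = recent
        if len(self._targets[a.ip]) >= 5:
            score += 40; reasons.append("many_accounts_from_ip")
        if len(recent) >= 5:
            score += 30; reasons.append("failed_login_velocity")
        # A wrong password is denied regardless; the score still feeds later attempts.
        if not a.password_ok:
            return Decision("deny", score, reasons)
        if score >= BLOCK_AT:
            action = "block"
        elif score >= REVIEW_AT:
            action = "review"
        elif score >= STEP_UP_AT:
            action = "step_up"      # dynamic friction: prompt for MFA
        else:
            action = "allow"
        return Decision(action, score, reasons)


def run_scenario() -> List[Decision]:
    """Constructed login stream: two genuine users plus one stuffing source."""
    engine = LoginRiskEngine(
        known_devices={"alice": {"dev-a1"}, "bob": {"dev-b1"}},
        home_country={"alice": "US", "bob": "US"},
    )
    events = [
        LoginAttempt("alice", "198.51.100.4", "dev-a1", "US", True, 1000),   # trusted
        LoginAttempt("alice", "198.51.100.4", "dev-a9", "US", True, 1010),   # new device
        LoginAttempt("alice", "198.51.100.4", "dev-a9", "DE", True, 1020),   # new device + country
    ]
    # One source trying five different accounts with bad credentials...
    events += [LoginAttempt(f"user{i}", "203.0.113.7", "dev-x", "US", False, 1100 + i)
               for i in range(5)]
    # ...and then landing a valid (reused) password for bob.
    events.append(LoginAttempt("bob", "203.0.113.7", "dev-x", "US", True, 1110))
    return [engine.evaluate(e) for e in events]


if __name__ == "__main__":
    for d in run_scenario():
        print(d.action, d.score, d.reasons)
```

The trusted session scores 0 and is allowed; a new device alone lands in the step-up band, so the user is asked for MFA rather than blocked; and bob's otherwise-valid login from the stuffing source is blocked because the per-IP signals (many distinct accounts, failed-login velocity) push it past the block threshold even though nothing about bob's own account looks unusual.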
The Future of Cyber-Fraud Fusion
Building on these foundational strategies, it’s essential to consider the next frontier in fraud prevention. Experts predict that the future of online fraud detection lies in the fusion of cybersecurity and fraud prevention, a convergence expected to revolutionize how companies combat sophisticated online threats. Research shows that nearly 70% of security leaders view ATO attacks as the greatest concern to their organizations, underscoring the urgency for innovation. As markets merge, forward-thinking organizations are integrating cybersecurity and fraud prevention teams, tools, and processes to create a unified defense against ATO threats. This cyber-fraud fusion, driven by AI-powered solutions like Sift, enables businesses to monitor user behavior across the entire journey, adapt to emerging risks, and protect both their bottom line and customer experience. By aligning resources and breaking down silos, organizations can better anticipate and counteract increasingly complex cyber-fraud schemes.
*On behalf of Sift, Researchscape International polled 1,096 adults (aged 18+) across the United States via online survey in July 2024.