ATO attacks surge in Q2 2024, Sift warns of growing ‘Fraud-as-a-Service’ threat

A recent report highlights the growing threat of account takeover (ATO) attacks, which surged by 24 percent in the second quarter of 2024 compared to the same period last year. This increase is part of an ongoing trend, with such attacks steadily rising in recent years. In 2023, ATO incidents spiked by 354 percent year-over-year, and new data suggests the problem is far from abating.

The findings come from the Q3 2024 Digital Trust Index, a report released by fraud prevention firm Sift, which analyzed data from its global network and surveyed consumers about their experiences. According to the survey, 24 percent of respondents reported falling victim to an ATO in the past year, up from 18 percent in 2023.

“With large scale data breaches exposing billions of user records in 2024 alone, account takeover attacks have scaled to become one of the most common and damaging types of fraud online,” says Brittany Allen, senior trust and safety architect at Sift.

“These attacks are almost always ‘stepping stones’ for cybercriminals who are after stored payment credentials, loyalty points, or other stored value.”

The surge in attacks has been linked to several high-profile data breaches in 2024, including breaches at National Public Data, which exposed 2.9 billion records, and incidents involving Ticketmaster and Change Healthcare. Data breaches like these are often a precursor to account takeovers, where cybercriminals use stolen information to access personal accounts and steal payment credentials, loyalty points, and other valuable data.

The report also uncovered a new tool being used by cybercriminals on Telegram, a messaging app. This tool allows even inexperienced users to search for compromised credentials and carry out account takeovers. For $10 per week, buyers can allegedly access breached data aggregated from sources like Intelligence X. This “fraud-as-a-service” application is raising alarms due to how easily it allows fraudsters to exploit personal data.

The accessibility of these tools underscore the broader trend of the “democratization of fraud,” where fraud techniques once limited to experts are now available to virtually anyone. As a result, both businesses and consumers face heightened risks.

Sift’s research also involved a consumer survey conducted by Researchscape International in July 2024, which polled over 1,000 U.S. adults on their experiences with online fraud. In addition, the report used data from the Fraud Industry Benchmarking Resource (FIBR), an online tool that tracks fraud metrics across different industries and regions.

2FA for security varies

According to the report, businesses are increasingly implementing two-factor authentication (2FA) to protect user accounts from unauthorized access, though adoption rates differ depending on the industry, risk level, and transaction volume. Sectors like ticketing, fintech, online marketplaces, and retail have higher-than-average 2FA usage due to the high value of transactions and the need for strong account security.

In contrast, industries that rely on rapid, frequent transactions, such as food delivery, remittances, and transportation, have lower 2FA adoption. These sectors prioritize maintaining a fast user experience, often minimizing added steps like biometric authentication to reduce consumer friction.

Article Topics

biometric authentication  |  biometrics  |  cybersecurity  |  financial services  |  fraud prevention  |  identity theft  |  Sift