The 5 Most Common Fraudster Tactics Causing Account Takeovers (ATO)

Oct 11, 2023
We can look at account takeover as the initial gateway to more fraud problems. Once fraudsters gain access to customers’ accounts, it opens the door to many other issues, such as payment fraud or chargebacks, causing an unfortunate domino effect. For this reason, account takeover (ATO) is a serious risk that can cost businesses money, as well as damage their reputation in the long run.

The statistics around ATO also reflect a worrisome trend. In 2021, we saw a 55% increase in ATO for online merchants, and there is little evidence to suggest this trend is reversing. To defend against ATO effectively, fraud managers must not only implement solutions adapted to current threats, but also acquire an in-depth understanding of the root causes and methods that lead to account takeover fraud in the first place.

What is ATO and which businesses are susceptible?
Account takeover (ATO) happens when cybercriminals use fraudulently obtained credentials to access someone else’s account, in order to make unauthorized payments or commit other forms of identity fraud.

Naturally, this makes platforms and services with a financial aspect big targets. E-commerce stores, banks and other payment-based services, such as subscription platforms, can all be targeted. However, many of the methods described below can also apply to the likes of social media profiles, which don’t typically contain financial data but can nonetheless lead to it.

The 5 most common ways of getting credentials

In order for account takeover fraud to be successful, fraudsters must first get hold of valid credentials. There are many ways they can do this, but there are a number of tactics that continue to be the most commonly used.

Brute force attacks
One of the earliest forms of ATO, brute force attacks use automated tools to systematically guess passwords, often targeting weak or commonly used ones. Guessing from a list of likely words is also known as a “dictionary attack”. By working through potential word and number combinations, brute force attacks can easily bypass weak passwords.

Social engineering
This approach involves fraudsters posing as a trustworthy source or entity, such as a friend, customer support specialist, bank or business. Often conducted via email, SMS and even over the phone, the attacker attempts to manipulate individuals into providing their account details.

Keylogging
Using malware installed on a user’s device, fraudsters are able to record the keystrokes of a given individual. As a result, they can capture the login credentials, as well as any additional sensitive information, needed to conduct ATO.

Phishing
This occurs when attackers send emails, texts or other communications designed to look like they come from an authentic business, such as an online store or bank. Often, these messages encourage the user to log in to their account so that the credentials can be stolen; in other cases they install malware, such as the keylogging software described above.

Credential stuffing
When attackers already have username and password combinations from previously leaked accounts, they will often try those same credentials on additional accounts and platforms. This way, if users have reused their passwords, fraudsters can easily find new accounts to take over.
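The brute force and credential stuffing tactics above leave different footprints in a login log: brute force hammers one account with many guesses, while credential stuffing tries many distinct accounts once each from the same source. The following is an added detection example, not code from the original article or from the MRC; the failed-login events are constructed sample data and the thresholds are assumptions a fraud team would tune for its own traffic.

```python
from collections import defaultdict

# Constructed sample of failed-login events as (source_ip, username).
# A real deployment would read these from authentication logs.
FAILED_LOGINS = [
    # Brute force pattern: one account, repeated guesses from one source
    ("203.0.113.7", "alice"), ("203.0.113.7", "alice"), ("203.0.113.7", "alice"),
    ("203.0.113.7", "alice"), ("203.0.113.7", "alice"), ("203.0.113.7", "alice"),
    # Credential stuffing pattern: many distinct accounts, one try each
    ("198.51.100.9", "bob"), ("198.51.100.9", "carol"), ("198.51.100.9", "dave"),
    ("198.51.100.9", "erin"), ("198.51.100.9", "frank"), ("198.51.100.9", "grace"),
    # Benign noise: a legitimate user mistyping a password twice
    ("192.0.2.5", "heidi"), ("192.0.2.5", "heidi"),
]


def classify_sources(events, min_failures=5):
    """Group failed logins by source IP and label the pattern each one shows.

    'brute_force'         : failures concentrated on one or a few accounts
    'credential_stuffing' : failures spread across many distinct accounts
    'mixed'               : suspicious volume but no clear shape
    'benign'              : too few failures to be worth flagging
    The thresholds below are assumed starting points, not industry constants.
    """
    per_source = defaultdict(list)
    for ip, user in events:
        per_source[ip].append(user)

    verdicts = {}
    for ip, users in per_source.items():
        total = len(users)
        spread = len(set(users)) / total   # share of attempts hitting a new account
        if total < min_failures:
            verdicts[ip] = "benign"
        elif spread <= 0.3:                # same few accounts guessed repeatedly
            verdicts[ip] = "brute_force"
        elif spread >= 0.8:                # nearly every attempt is a different account
            verdicts[ip] = "credential_stuffing"
        else:
            verdicts[ip] = "mixed"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(FAILED_LOGINS).items():
        print(f"{ip:15} {verdict}")
```

A source labelled credential_stuffing is a cue to step up authentication for the affected accounts and to check whether those users' passwords appear in known breach corpora.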

What happens afterwards?
Once the attacker has the credentials and details they need, they might not necessarily commit ATO fraud straight away. Such sensitive data is often sold on the dark web to other fraudsters. As such, once credentials are compromised, it can pose an even greater risk not only for the user, but also for numerous businesses.

Eventually, however, someone will use the credentials to make fraudulent payments or transactions. Because the credentials gained are authentic, they are able to log in and act as the individual customer in question.

How can you defend against these methods?
It’s important to note that many of these methods, such as credential stuffing and social engineering, can be automated en masse. Fraudsters are not necessarily targeting businesses directly. Rather, they employ such wide-ranging methods and then focus on the services and platforms with the weakest security.

Since every business is different, it’s important to understand these common methods at a deeper level, in order to adjust your own cybersecurity accordingly. Our ATO course is an effective, streamlined way to get up to date on today’s fraudster tactics, as well as the various means of defense available.

It’s important to understand not only the typical means of gaining credentials, but also how to identify when it occurs, how to respond and how to work with users to keep them safe. Doing so will not only protect your business from harm, but will also make it less of a target for attackers in the long run.
