As we mentioned in our recent Predictions for 2016, it’s likely that account takeover fraud (ATO fraud) will skyrocket this year as a result of the many data breaches we witnessed in 2015. Cybercriminals put the work into stealing your data; now it’s time to put that data to work for them.
Account takeover fraud fuels the underground fraud-as-a-service economy with compromised accounts, which are sold or exchanged for a variety of downstream attacks. Since these accounts are created by real users (unlike mass-registered fake accounts), they often contain valuable information such as financial data, and their activities are less likely to raise the suspicion of security solutions. This makes account takeover fraud a very lucrative business for cybercriminals. A recent report showed that compromised accounts are worth upward of $3 each on the underground market. That’s more than 17 times the price of a stolen credit card number, which is only 22 cents.
Compromised accounts are commonly used for financially motivated downstream attacks, including:
- Financial fraud: Targets are accounts at financial or e-commerce services that store users’ banking details. The attackers perform unauthorized withdrawals from bank accounts or fraudulent transactions using the credit/debit cards on file.
- Spam: Spam can appear in any service feature that accepts user-generated content, including discussion forums, direct messages, and reviews/ratings, degrading platform integrity and brand reputation.
- Phishing: Attackers can assume a compromised user’s identity and launch phishing attacks on others in his/her social circle to steal their credentials, personal information, or sensitive data.
- Virtual currency fraud: Virtual “currencies” that are worth real money include reward points, promotional credits, and in-game virtual items, which can be harvested for real-world gains.

We recently contributed a post for Dark Reading describing some account takeover attacks that we have witnessed in the wild. We go into depth on how organized crime rings are performing account takeover attacks and account takeover fraud at scale. We think it’s a great piece. To read more about how these attacks are conducted, the financial impact, and more, check out: http://www.darkreading.com/endpoint/anatomy-of-an-account-takeover-attack/a/d-id/1324409