
Account Takeover Fraud: The Anatomy of an ATO Attack

By Ting Fang Yen February 24, 2016


about Ting Fang Yen
Director of Research // Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and eCommerce industries. She holds a PhD in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.


As we mentioned in our recent Predictions for 2016, it’s likely that account takeover fraud (ATO fraud) will skyrocket this year as a result of the many data breaches we witnessed in 2015. Cybercriminals put the work into stealing your data; now it’s time to put that data to work for them.
Account takeover fraud fuels the underground fraud-as-a-service economy with compromised accounts, which are sold or exchanged for a variety of downstream attacks. Since these accounts are created by real users (unlike mass-registered fake accounts), they often contain valuable information such as financial data, and their activities are less likely to raise the suspicion of security solutions. This makes account takeover fraud a very lucrative business for cybercriminals. A recent report showed that compromised accounts are worth upward of $3 each on the underground market. That’s more than 17 times the price of a stolen credit card number, which is only 22 cents.
Compromised accounts are commonly used for financially motivated downstream attacks, including:

  • Financial fraud: Targets are accounts at financial or e-commerce services that store users’ banking details. The attackers make unauthorized withdrawals from bank accounts or fraudulent transactions using the credit/debit cards on file.
  • Spam: Spam can appear in any service feature that accepts user-generated content, including discussion forums, direct messages, and reviews/ratings, degrading platform integrity and brand reputation.
  • Phishing: Attackers can assume a compromised user’s identity and launch phishing attacks on others in his/her social circle to steal their credentials, personal information, or sensitive data.
  • Virtual currency fraud: Virtual “currencies” that are worth real money include reward points, promotional credits, and in-game virtual items, which can be harvested for real world gains.

We recently contributed a post for Dark Reading describing some account takeover attacks that we have witnessed in the wild. We go into depth on how organized crime rings are performing account takeover attacks and account takeover fraud at scale. We think it’s a great piece. To read more about how these attacks are conducted, the financial impact, and more, check out: http://www.darkreading.com/endpoint/anatomy-of-an-account-takeover-attack/a/d-id/1324409

