arrow left facebook twitter linkedin medium menu play circle

Account Takeover Fraud: The Anatomy of an ATO Attack

By Ting Fang Yen February 24, 2016

Photo of Ting Fang Yen

about Ting Fang Yen
Director of Research // Ting-Fang specializes in network and information security data analysis and fraud detection in the financial social and eCommerce industries. She holds a PhD in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.

fingers crossed about account takeover fraud?

As we mentioned in our recent Predictions for 2016, it’s likely that account takeover fraud (ATO fraud) will skyrocket this year as result of the many data breaches we witnessed in 2015. Cybercriminals put the work into stealing your data, now it’s time to put that data to work for them.
Account takeover fraud fuels the underground fraud-as-a-service economy with compromised accounts, which are sold or exchanged for a variety of downstream attacks. Since these accounts are created by real users (unlike mass-registered fake accounts), they often contain valuable information such as financial data, and their activities are less likely to raise the suspicion of security solutions. This makes account takeover fraud a very lucrative business for cybercriminals. A recent report showed that compromised accounts are worth upward of $3 each on the underground market. That’s more than 17 times the price of a stolen credit card number, which is only 22 cents.
Compromised takeover accounts are commonly used for financially motivated downstream attacks, including:

  • Financial fraud: Targets are accounts at financial or e-commerce services that store users’ banking details. The attackers perform unauthorized withdrawal from bank accounts or fraudulent transactions using the credit/debit cards on file.
  • Spam: Spam can appear in any service feature that accepts user-generated content, including discussion forums, direct messages, and reviews/ratings, degrading platform integrity and brand reputation.
  • Phishing: Attackers can assume a compromised user’s identity and launch phishing attacks on others in his/her social circle to steal their credentials, personal information, or sensitive data.
  • Virtual currency fraud: Virtual “currencies” that are worth real money include reward points, promotional credits, and in-game virtual items, which can be harvested for real world gains.

We recently contributed a post for Dark Reading describing some account takeover attacks that we have witnessed in the wild. We go into depth on how organized crime rings are performing account takeover attacks and account takeover fraud at scale. We think it’s a great piece. To read more about how these attacks are conducted, the financial impact, and more, check out: http://www.darkreading.com/endpoint/anatomy-of-an-account-takeover-attack/a/d-id/1324409


Popular Posts

Intelligent solutions. Informed decisions. Unrivaled results.

DataVisor Fraud Index Report: Q1 2019

Learn More

Access proprietary data and research results to discover the latest attack techniques and prevention strategies.

Download the Q1 2019 Fraud Index Report from DataVisor to receive unparalleled data-driven insights into the latest attack trends, and the most effective prevention strategies, based on analysis of over 44 billion events, 800 million users, 396 million IP addresses, and more.

Dumb & Dumber vs Ocean’s 11

Learn More

Understand the range of modern fraud attacks to ensure complete coverage for your organization.

Complex and coordinated fraud attacks that are extensively planned, hard to detect, and highly scalable are the new normal for online platforms. Explore and understand the full spectrum of fraud attacks—from simple to sophisticated—and learn how you can defend against each type in this…

Guard Your Online Marketplace Against Fraud

Learn More

Discover AI-powered fraud strategies for preventing financial and reputational damage in this powerful eBook.

Online marketplaces withstand a complicated array of fraud attacks—spam, scam, and all points in between. Only the most comprehensive, proactive AI-powered solutions can fully protect against reputational and financial damage. This eBook details the entire lifecycle of a fraud attack, and lays out…


Protect your business, your customers, and your data.

Request Demo