arrow left facebook twitter linkedin medium menu play circle

Meet the DataVisor team at MRC 2024!

February 24, 2016 - Ting Fang Yen

Account Takeover Fraud: The Anatomy of an ATO Attack

As we mentioned in our recent Predictions for 2016, it’s likely that account takeover fraud (ATO fraud) will skyrocket this year as result of the many data breaches we witnessed in 2015. Cybercriminals put the work into stealing your data, now it’s time to put that data to work for them.
Account takeover fraud fuels the underground fraud-as-a-service economy with compromised accounts, which are sold or exchanged for a variety of downstream attacks. Since these accounts are created by real users (unlike mass-registered fake accounts), they often contain valuable information such as financial data, and their activities are less likely to raise the suspicion of security solutions. This makes account takeover fraud a very lucrative business for cybercriminals. A recent report showed that compromised accounts are worth upward of $3 each on the underground market. That’s more than 17 times the price of a stolen credit card number, which is only 22 cents.
Compromised takeover accounts are commonly used for financially motivated downstream attacks, including:

  • Financial fraud: Targets are accounts at financial or e-commerce services that store users’ banking details. The attackers perform unauthorized withdrawal from bank accounts or fraudulent transactions using the credit/debit cards on file.
  • Spam: Spam can appear in any service feature that accepts user-generated content, including discussion forums, direct messages, and reviews/ratings, degrading platform integrity and brand reputation.
  • Phishing: Attackers can assume a compromised user’s identity and launch phishing attacks on others in his/her social circle to steal their credentials, personal information, or sensitive data.
  • Virtual currency fraud: Virtual “currencies” that are worth real money include reward points, promotional credits, and in-game virtual items, which can be harvested for real world gains.

We recently contributed a post for Dark Reading describing some account takeover attacks that we have witnessed in the wild. We go into depth on how organized crime rings are performing account takeover attacks and account takeover fraud at scale. We think it’s a great piece. To read more about how these attacks are conducted, the financial impact, and more, check out: http://www.darkreading.com/endpoint/anatomy-of-an-account-takeover-attack/a/d-id/1324409

about Ting Fang Yen
Ting-Fang Yen is Director of Research at DataVisor. Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and e-commerce industries. She holds a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.
about Ting Fang Yen
Ting-Fang Yen is Director of Research at DataVisor. Ting-Fang specializes in network and information security data analysis and fraud detection in the financial, social, and e-commerce industries. She holds a Ph.D. in Electrical and Computer Engineering from Carnegie Mellon and has previously worked for E8, RSA, and Microsoft.