100% CONFIDENTIAL SUPPORT:

Intro to Account Takeover Attacks

Share This Post

toronto-corporate-private-investigations

Organized crime has taken over the internet in recent years. Any web-based account that deals with finances, gaming, retail and other consumer-facing services are under threat of attack from bot armies that are used by unscrupulous individuals.

Cyber criminals have made a very lucrative business out of Account Takeover attacks (ATO attacks) by selling the data from compromised accounts to fraudsters who, in turn, use it to commit cyber crimes that take advantage of mobile games, reward programs, financial services, retail services, and any other web-based service for consumers. It is predicted that there will be a huge spike in ATO attacks this year because of the massive number of data breach in 2015.

ATO attacks are dangerous because the accounts used were created by real users. Mass-registered fake accounts do not contain sensitive personal information but these accounts do, which makes them less suspicious from a security standpoint and therefore they are used to bypass security measures once they get sold to the underground market.

The types of financially motivated downstream attacks that uses taken over accounts are:

Spam

A service feature that accepts content from registered users is vulnerable to an attack by a taken over account. Attacks like this are usually done to askew ratings and degrade platform integrity.

Virtual Currency Fraud

Points from promotions, in-game virtual items, and promotional credits are harvested for real world cashing-in.

Financial Fraud

E-commerce or financial services that store member?s banking details are the targets. The Account takeover attack is performed by making unauthorized withdrawals from credit cards, debit cards, and bank accounts on file.

Phishing

In phishing, the attackers usually use a compromised account to launch phishing attacks within that account?s known contacts to steal their personal information, credentials, or sensitive data as well.

The ATO Army

Those performing account takeovers these days are often organized crime rings that have access to a huge number of bots that they can use to try to crack passwords. One data security company reported discovering an attack at a known retailer website with more than 300,000 failed log-in attempts from only a handful of locations.

Although the success rate was only 8%, it is still chilling how cyber criminals managed to use accounts that are fully registered and are from real people who have no idea that their accounts has been taken over.? What is even more chilling is that the credit card numbers on file were also attempted to be validated by the cyber criminals by using the data on the users? profile pages.

User accounts that have been taken over are exploited by the fraudsters are not the only ones that are going to suffer from an ATO attack. Brands that have fallen victim will also have to deal with harmful effects on their reputation, something that will have a more long-term effect.

Need help getting your account back, investigating a case of ATO attack, or wanting to devise a plan to prevent a future attack? Then have a chat with your Toronto private investigators. Contact us for an initial consultation today!

More To Explore

OSINT
Uncategorized

The Power of Open Source Intelligence Explained

The presence of easily accessible public records is one of the most crucial tools for private investigators in the digital era. While the information available to the public hasn’t significantly changed, the process of obtaining it has undergone a remarkable transformation. In our latest blog post we explain the power of open source intelligence and public records.

canada-scams
Blog

4 of the Top Scams in Canada Right Now and How to Avoid Them

The rise of the internet and technology has not only made our daily activities more convenient but has also opened up opportunities for scammers. Fraudsters are always coming up with new ways to trick their targets, and sadly, they are often successful. A recent study by CPA Canada’s annual fraud survey revealed that 46% of respondents had fallen victim to financial fraud at some point in their lives. This blog post outlines some of the scams that are currently taking the greatest financial toll on Canadians and offers advice on how to protect yourself.