Connect with us

Hi, what are you looking for?



Account Takeover Attempts Nearly Double Over Six Months: Report

Account takeover attempts and credit card fraud have nearly doubled over a six month period, ThreatMetrix said, as part of its new Cybercrime Index, which examines Web fraud and provides insight into the prevalence of such attacks. 

Account takeover attempts and credit card fraud have nearly doubled over a six month period, ThreatMetrix said, as part of its new Cybercrime Index, which examines Web fraud and provides insight into the prevalence of such attacks. 

In a six-month window encompassing the last three months of 2012 and the first three months of 2013, ThreatMetrix found that highest number of Web fraud involved new account registrations using spoofed and synthetic identities. New account registrations include applying for new lines of credit, creating a profile on a social networking site or marketplace, and enrolling in an authentication scheme, the company said.

“Nearly one in every ten new accounts opened online is done using a spoofed identity, and the incidence of account takeover attempts and online payments fraud have both doubled in the last six months,” said Alisdair Faulkner, chief products officer at ThreatMetrix.

This isn’t surprising, considering the number of large-scale data breaches that have been reported recently, Faulkner said. The breaches underscore just how easy it is for criminals to obtain enough information about the person’s identity to bypass most identity verification systems.

The most common form of stolen identities is via human- or bot-generated fraud attacks that are routed through proxies and VPNs designed to disguise where the attack is originating from, according to ThreatMetrix. The proliferation of free and commercial VPN services and the popularity of platform as a service offerings to set up ad hoc tunnels allow attackers to bypass IP-address-based geo-filter blacklists.

Payment fraud attempts, such as online credit card transactions and money transfers, increased from 3.1 percent to 6.4 percent over the same six-month period, according to the Cybercrime Index. Sophisticated cyber-gangs are increasingly adopting banking malware to intercept full credit card information from customers as they enter it online. The malware can inject a “fake verification step” in the form of a page asking for this information when the user is logging into a bank account, Faulkner said.

Account takeover attempts increased by 168 percent, ThreatMetrix said. Traditionally seen on banking and brokerage sites, account takeovers are now a problem for e-commerce sites that store credit card details and software-as-a-service sites that hold valuable customer data. Attackers are targeting these sites since most of them have not gotten around to beef up their protections to the extent financial services organizations have, the company said.

Advertisement. Scroll to continue reading.

Account takeover attempts are also much more sophisticated, with attackers using blended techniques to exploit companies who don’t check device identification, scan for malware, or look for bots. The attacks include malware, such as man-in-the-browser Trojans, to intercept login credentials, and automated scripts that check the account for details on its balance or saved information.

The total cost of cyber-crime and efforts to prevent attacks surpassed $1 trillion a year, although the economic impact of the attacks vary by industry, ThreatMetrix said.

The increased sophistication of malware means organizations should assume that a “material percentage” of customer accounts are either compromised or used for criminal purposes, said Faulkner, Considering that data breaches are “imminent,” organizations should invest to gain automated visibility into device information, persona, relationship, and global behavior. The alternative is to place additional verification roadblocks, which would slow down legitimate users as well.

ThreatMetrix calculated the Cybercrime Index from data compiled from customers in its TrustDefender CyberCrime Prevention Platform and information gathered by the ThreatMetrix Global Trust Intelligence Network. The data used for the index was aggregated from 1,500 customers, 9,000 Websites and more than 1.7 billion cyber-events, the company said.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...