Report: Account Takeover Attacks are up 24% YoY; Sift Discovers New Identity Theft Tool For Rent Via Telegram
Identity theft tool allows anyone with an internet connection to steal accounts for $10 a week
SAN FRANCISCO, Sept. 12, 2024 (GLOBE NEWSWIRE) — Sift, the AI-powered fraud platform securing digital trust for leading global businesses, today released its Q3 2024 Digital Trust Index, which found account takeover (ATO) attacks are on the rise. The ATO attack rate saw a significant 24% increase across the Sift Global Network in Q2 2024 compared to the same period in 2023. Additionally, 24% of consumers surveyed by Sift have been a victim of ATO in the past year, up from 18% in 2023.
This surge is part of a continuing trend, as ATO attacks have been steadily climbing in recent years (Sift data showed a staggering 354% year-over-year increase in Q2 2023). Data breaches, which are often the precursor to ATOs, are also making headlines in 2024, thanks to high-profile incidents including National Public Data’s massive data breach of 2.9 billion records, the Ticketmaster hack, and Change Healthcare’s patient data theft at the hands of a ransomware gang. These incidents all underscore the widespread consequences of this growing threat.
“With large scale data breaches exposing billions of user records in 2024 alone, account takeover attacks have scaled to become one of the most common and damaging types of fraud online,” said Brittany Allen, Senior Trust and Safety Architect at Sift. “These attacks are almost always ‘stepping stones’ for cybercriminals who are after stored payment credentials, loyalty points, or other stored value.”
As part of the Q3 2024 Digital Trust Index, Sift also revealed the discovery of a jarring and powerful tool on the messaging app Telegram, which can be used to commit account takeovers and identity theft. The tool is a remarkably easy to use fraud-as-a-service application that even novice cybercriminals can leverage to exploit compromised data. The developers created the application to aggregate breached data from various sources, such as Intelligence X, and market it on Telegram for prices as low as $10 per week.
After purchasing access, users of this tool are able to search for individuals or corporate accounts to obtain credentials that have been part of large-scale data breaches or otherwise maliciously obtained. The tool enables anyone with internet access to find credentials for seemingly millions of people—within minutes. This process highlights the ease and speed with which fraudsters can access and exploit compromised data, and serves as a frightening example of the democratization of fraud and the rise of fraud-as-a-service. With this intel, it’s increasingly imperative that businesses adopt technologies to combat fraud and consumers practice exceptional password hygiene in order to protect themselves from falling victim.
“As part of our regular research, Sift’s Trust and Safety Architect team always looks at dark and deep web marketplaces to understand the latest fraud trends,” Allen continued. “What our team found in our latest research demonstrates just how quickly cybercriminals are cashing in on these data breaches, by making the credentials of seemingly anyone online easily available. What we’re seeing is the democratization of fraud on steroids, and it underscores the need for businesses to protect their customers with technologies like AI—which stop fraud before it happens while streamlining the experience for consumers.”
To gather findings for the Index, Researchscape International polled 1,096 adults (aged 18+) across the United States via online survey in July 2024 on behalf of Sift. In addition to surveying consumers, the Q3 Digital Trust Index relies on data from the Fraud Industry Benchmarking Resource (FIBR), a first-of-its-kind online tool powered by Sift’s Global Data Network, that allows anyone to access key fraud metrics across industries, geographies, and time.
To read Sift’s Q3 2024 Digital Trust Index, go here.
About Sift
Sift is the AI-powered fraud platform securing digital trust for leading global businesses. Our deep investments in machine learning and user identity, a data network scoring 1 trillion events per year, and a commitment to long-term customer success empower more than 700 customers to grow fearlessly. Brands including DoorDash, Yelp, and Poshmark rely on Sift to unlock growth and deliver seamless consumer experiences. Visit us at sift.com and follow us on LinkedIn.
Media Contact:
Victor White
Senior Director of Corporate Communications, Sift
[email protected]