Report: Account takeover attacks on the rise – fraudsters target fintech and crypto

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and achieve efficiency by upskilling and scaling citizen developers. Look now.


Sift’s latest Digital Trust & Safety Index – based on its global network of more than 34,000 websites and apps and a survey of over 1,000 consumers – details the rapid rise and evolution of account takeover (ATO) attacks. Account takeovers are a type of identity theft where a fraudster gains unauthorized access to an online account.

ATOs have risen by a staggering 131% in the first half of 2022 compared to the same period in 2021. Despite the global economic uncertainty, this massive increase indicates fraudsters are exploiting businesses and consumers by launching increasingly sophisticated account takeover attacks.

Cybercriminals have specifically targeted the cryptocurrency market, which saw a 79% increase in the ATO attack rate. This increase in attacks is linked to the recent market volatility, as fraudsters know that consumers are less likely to monitor their crypto wallets with falling prices.

Sift’s researchers discovered a new crypto payout scam on Telegram where cybercriminals work together and use hijacked bank accounts linked to crypto wallets to move or launder ill-gotten funds. Scammer A will advertise his access to stolen funds on Telegram to find another scammer who specializes in crypto account takeover and KYC bypass methods. When they team up, Scammer A will load the stolen funds into Scammer B’s account. Fraudster B will transfer the hijacked funds to a stolen crypto account and then withdraw the money to a private wallet. When the funds are depleted, they share the profits.

Although the payout element of the scam is not new, it highlights how fraudsters work together to carry out ATOs. These attacks negatively impact businesses by causing consumer churn and weakening brand loyalty. In fact, 43% of respondents expressed that they would stop using a website or app altogether if their account was compromised by an ATO attack.

That’s why it’s important that businesses have the right defenses in place to protect against sophisticated attacks. Through a machine learning system along with vast amounts of data, fraud prevention teams can analyze thousands of different signals to stop suspicious activity before accounts are compromised.

Read the full report from Sift.

VentureBeat’s mission will be a digital town square for technical decision makers to gain knowledge about transformative business technology and transactions. Discover our orientations.

Leave a Reply

Your email address will not be published. Required fields are marked *