Highlights:

  • In the first half of 2022, the number of Account Takeover Attacks (ATOs) increased by an astounding 131% as compared to the same time period in 2021.
  • The researchers at Sift uncovered a new crypto cash out fraud on Telegram in which hackers collaborate to shift or launder illicitly obtained funds using hijacked bank accounts tied to crypto wallets.

The 2018 Digital Trust and amp; Safety Index from Sift, based on its worldwide network of over 34,000 sites and apps and an analysis of over 1,000 consumers, reveals the rapid increase and development of account takeover (ATO) attacks. Account takeovers are a form of identity theft in which a criminal acquires unauthorized access to a user’s online account.

In the first half of 2022, the number of ATOs increased by an astounding 131% compared to the same time period in 2021. This significant surge implies that the fraudsters are taking advantage of businesses and people by executing increasingly sophisticated account takeover assaults, despite the global economic turmoil.

Cybercriminals have set their sights specifically on the cryptocurrency market, which saw an increase of 79% in ATO attack rates. This increase in attacks has been attributed to the recent market volatility, as fraudsters are aware that consumers are less likely to monitor their cryptocurrency wallets as prices fall.

Researchers at Sift uncovered a new crypto cashout fraud on Telegram in which hackers collaborate to shift or launder illicitly obtained funds using hijacked bank accounts tied to crypto wallets. Fraudster A will use Telegram to promote their access to stolen assets to recruit another fraudster specializing in crypto account takeover and KYC bypass techniques. Fraudster A will transfer the stolen monies to Fraudster B’s account once they join forces. Fraudster B will move the stolen monies to a compromised crypto account before withdrawing them to a private wallet. After depleting the cash, they will divide the profit.

Although the cashout aspect of the scam is not novel, it demonstrates how fraudsters collaborate to execute ATOs. These assaults negatively influence businesses, resulting in customer losses and diminishing brand loyalty. 43% of study respondents said they would cease using a website or application altogether if an ATO assault compromised their accounts.

For this reason, organizations need to have the proper protections in place to prevent sophisticated assaults. By combining a machine learning system with large volumes of data, fraud protection teams can examine tens of thousands of signals for suspicious activity to avoid account compromises.