Silent Threat: Account Takeover Attacks (ATO) are on the rise

Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers

“As many as one in four password reset attempts from desktop browsers are fraud, according to security researchers. The fraud attempts are part of a rapid growth in password reset attacks, according to the annual LexisNexis Risk Solutions Cybercrime Report. Researchers found that there are 70,000 password reset attacks in the UK every week, with fraudsters aiming to take over individuals’ online accounts.”

https://www.infosecurity-magazine.com/news/password-reset-attacks-fraud/

Park ‘N Fly Data Breach Impacts a Million Customers

“Park ‘N Fly stressed that the data breach did not expose customers’ payment card information or account login credentials. Nevertheless, it exposes customers to account takeover attacks via exposed Aeroplan numbers and phishing attacks via exposed email addresses, which could eventually lead to exposed credit cards.”

https://www.cpomagazine.com/cyber-security/park-n-fly-data-breach-impacts-a-million-customers/

How credit unions can fight back against account takeover fraud and scams

“79% of credit unions and community banks experienced more than $500,000 in direct fraud losses in 2023—higher than any other segment surveyed. While digital channels are critical for providing high-quality member experiences, their increasing prevalence in financial services has provided fraudsters with new opportunities to infiltrate and attack credit unions and their members. Account takeovers are hitting credit unions hard.”

https://www.cuinsight.com/how-credit-unions-can-fight-back-against-account-takeover-fraud-and-scams/

Stolen account info still chief risk for federal agencies, annual CISA audit finds

“For the second year in a row, CISA found that stolen account information was the main potential source of entry for a would-be attacker. CISA found that the easiest way into a federal network is through the use of default or stolen administrator accounts, or former employee accounts that have not been removed.”

https://therecord.media/stolen-account-info-federal-agencies-cisa

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

“It only took threat actors a few hours after the disclosure of the flaw before they started attacking sites en masse, with Wordfence reporting blocking nearly 50,000 attacks. Today, two weeks have passed since the initial disclosure, and the same portal reports 340,000 attacks in the past 24 hours.”

https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-6-million-wordpress-sites-to-takeover-attacks/

Insights

Password reset fraud and account takeover (ATO) attacks pose a significant and growing threat. The scale of the problem is alarming: one in four password reset attempts is fraudulent, and the UK alone sees 70,000 password reset attacks every week. This trend affects both businesses and users across all industries.

Recent incidents, such as the Park 'N Fly data breach, highlight the vulnerability of customer data. When personal information such as email addresses and loyalty program numbers is exposed, it puts customers at risk and severely damages the organization's reputation. The WordPress vulnerability further illustrates how organizations of every kind are exposed to these attacks across multiple threat surfaces.

The immediate risk of financial loss occurs when user accounts are compromised. From drained bank accounts to unauthorized credit card charges, the economic impact can be devastating and long-lasting. Beyond immediate financial loss, victims of ATO attacks are at risk of full-scale identity theft. Stolen personal information can be used to open new accounts, apply for loans, or even commit crimes in the victim's name.

To counter these threats, organizations must move beyond weak security practices such as traditional password-based and email-based account recovery. Incorporating modern identity verification (IDV) into the account recovery process can significantly reduce the risk of fraudulent takeovers. IDV ensures that only verified and authorized individuals can recover accounts, even when account data has been leaked.

While IDV implementation may seem expensive and complicated, IdRamp's IDV Orchestration platform simplifies deployment and reduces costs. To help protect your organization from the growing wave of ATO attacks, contact IdRamp to learn about the most effective defense methods.
