At Nethone, we study online fraudster techniques and communities (both on the Darknet and Clearnet) all year round, but after noticing the uptick we did a more intensive study of the resources that fraudsters use to organise Account Takeover (ATO) scams. eCommerce and financial sector companies can benefit from having a sense of fraudster activity so that they can plan accordingly.
What is an account takeover?
It’s when someone gains illegal access to another person’s customer account on an eCommerce or banking site (for example, Amazon, EA/Origin, Allegro, Revolut). Fraudsters then proceed to buy goods and/or services with the account, use the account as a Trojan horse cover for further fraud, and/or sell the credentials to other fraudsters. Fraudsters use a number of methods to acquire other people’s credentials for customer accounts; what has surprised us recently is the new ways in which stolen accounts are distributed online.
2 major trends in online fraud
Distribution of stolen accounts has expanded to the Clearnet (the indexed internet that you can reach with Google, Bing, Firefox, etc.) via certain third-party shopping sites.
Atshop is one of the more popular among “account crackers” (people who are in the stolen-accounts business). We counted their inventory and spotted 110,040 accounts in stock from 37 brands. The vendor below specializes in online game accounts; as you can see, they have a pretty wide selection:
Stolen gift card accounts are available as well:
Vendors who sell stolen accounts advertise openly on social media:
We found that ATO packages are more affordable and user-friendly than ever, now come with tutorials (which we reviewed), and are tailored for fraudsters who use mobile devices.
What may come as a big surprise to members of the anti-fraud community: these days there are more tutorials for mobile devices than for desktop PCs.
We reviewed the tutorials that come with ATO packages in the most popular Darknet forums and found that:
43% of the tutorials recommend committing ATO with mobile apps
31% of the tutorials provide instructions to work on browsers (usually not specified if mobile or desktop)
9% can work on both
17% did not specify a device
Furthermore, 28% of tutorials were for in-store fraud (when a fraudster has to physically go into a shop) and almost all of them were connected to accounts with reward points. 17% of the tutorials recommend using accounts to buy gift cards as it is one of the simplest ways to cash out money from an account with a linked payment method.
We conducted a survey of Nethone’s clients as well, and they informed us that 40% of their ATO attacks come from mobile devices, which corroborates what we observed in the fraudster markets.
How eCommerce business owners can prevent fraudster activities
We recommend that companies involved with online transactions invest in a machine learning-based anti-fraud solution, not only to stop fraudsters before they are able to log in with stolen credentials but also to prevent costly false positives. When a legitimate customer is flagged by a sub-par fraud prevention system and is forced to jump through hoops or wait to complete the purchase, the damage extends to the company’s incoming revenue. Customer accounts are easy targets for fraudsters, but at the same time they are valuable assets for encouraging repeat business. So it becomes important to safeguard them with state-of-the-art defense.
Users probably do not think twice about their shopping accounts. And why should they obsess over them? That is another reason for companies to invest in fraud prevention defense – take the security burden away from their customers and put it into the hands of the best in class.
What are some tips for online shoppers?
There are some fundamental practices that can help protect customers’ assets and security:
Protect your shopping and gift card accounts with strong passwords and PINs. A huge percentage of customers use the most obvious passwords (for example, “password1234”) and PINs (for example, “1111” or “1234”). Fraudsters can simply buy email addresses in bulk and use an application to test the most common passwords against them to commit ATO. Here are some good recommendations for creating passwords.
Check your shipping address(es) periodically.
Fraudsters will often change the shipping address as a first step when they take over an account.
Beware of phishing scams.
It’s a classic, oldie-but-goodie technique for gaining access to customers’ information. It has stood the test of time because it continues to work! Do not reveal personal information to “representatives” unless you’re within the company’s secure environment.
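As an added illustration (this is not Nethone’s code or product), here is a small Python detector for the two defender-side signals the tips above describe: one source testing common passwords against many accounts in bulk, and a shipping-address change shortly after a login from a device the account has never used. The log lines, the per-account device history and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log, not real traffic; fields: timestamp ip account event outcome device
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice LOGIN FAIL dev-x
2024-05-01T10:00:02 203.0.113.7 bob LOGIN FAIL dev-x
2024-05-01T10:00:03 203.0.113.7 carol LOGIN FAIL dev-x
2024-05-01T10:00:05 203.0.113.7 erin LOGIN OK dev-x
2024-05-01T10:02:00 203.0.113.7 erin ADDRESS_CHANGE OK dev-x
2024-05-01T10:05:00 198.51.100.9 frank LOGIN OK dev-frank
2024-05-01T11:00:00 198.51.100.9 frank ADDRESS_CHANGE OK dev-frank"""

# Constructed per-account device history (assumes the shop records devices it has seen)
KNOWN_DEVICES = {"erin": {"dev-erin"}, "frank": {"dev-frank"}}
FIELDS = ("ts", "ip", "account", "event", "outcome", "device")

def parse(log):
    events = [dict(zip(FIELDS, line.split())) for line in log.splitlines()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"])
    return sorted(events, key=lambda e: e["ts"])

def stuffing_sources(events, window=timedelta(minutes=5), min_accounts=4, min_fail_ratio=0.6):
    """IPs that hit many distinct accounts inside one window with mostly failed logins:
    the signature of bulk common-password testing described in the tips above."""
    by_ip = defaultdict(list)
    for e in events:
        if e["event"] == "LOGIN":
            by_ip[e["ip"]].append(e)
    flagged = set()
    for ip, attempts in by_ip.items():            # attempts are already time-ordered
        for i, start in enumerate(attempts):
            batch = [a for a in attempts[i:] if a["ts"] - start["ts"] <= window]
            fails = sum(a["outcome"] == "FAIL" for a in batch)
            if len({a["account"] for a in batch}) >= min_accounts and fails / len(batch) >= min_fail_ratio:
                flagged.add(ip)
                break
    return flagged

def risky_address_changes(events, known_devices, window=timedelta(minutes=10)):
    """Accounts whose shipping address changed soon after a successful login from a
    device never seen on that account: the typical first step after a takeover."""
    last_login, flagged = {}, set()
    for e in events:
        if e["event"] == "LOGIN" and e["outcome"] == "OK":
            last_login[e["account"]] = e
        elif e["event"] == "ADDRESS_CHANGE":
            login = last_login.get(e["account"])
            if login and e["ts"] - login["ts"] <= window \
                    and login["device"] not in known_devices.get(e["account"], set()):
                flagged.add(e["account"])
    return flagged
```

On the sample log, `stuffing_sources` flags 203.0.113.7 and `risky_address_changes` flags erin, while frank’s address change from a known device an hour after login is not flagged.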
Get in touch with Nethone to learn more!