The latest news on online fraud from Nethone: Account Takeover is on a growth spurt!!!

For the past year, Nethone has closely monitored Black Friday, Cyber Monday, and Holiday shopping: there's clear evidence that Account Takeover fraud is on a growth spurt.

Joe from Nethone tells you more about the big trends in online fraud and how e-commerce business owners can prevent fraudster activities below.

Joe also shares valuable tips for consumers on how to shop safely during the upcoming holidays!

e-commerce Nethone

At Nethone, we study online fraudster techniques and communities (both on the Darknet and Clearnet) all year round, but after noticing the uptick we did a more intensive study of the resources that fraudsters use to organise Account Takeover (ATO) scams. eCommerce and financial sector companies can benefit from having a sense of fraudster activity so that they can plan accordingly.

What is an account takeover?

It’s when someone gains illegal access to another person’s customer account on an eCommerce or banking site (for example, Amazon, EA/Origin, Allegro, Revolut). Fraudsters then proceed to buy goods and/or services with the account, use the account as a Trojan horse cover, and/or sell the credentials to other fraudsters. There are a number of methods that fraudsters have used to acquire other people’s credential information for customer accounts and what has surprised us recently are the new ways stolen accounts are distributed online.


2 major trends in online fraud

[1] Distribution of stolen accounts has expanded to the Clearnet (the indexed internet that you can reach with Google, Bing, Firefox, etc.) via certain third-party shopping sites.

Atshop is one of the more popular among “account crackers” (people who are in the stolen-accounts business). We counted their inventory and spotted 110,040 accounts in stock from 37 brands. The below vendor specializes in online game accounts; as you can see, they have a pretty wide selection:

Nethone Screenshot

Stolen gift card accounts are available as well:

Nethone Screenshot

Vendors who sell stolen accounts advertise openly on social media:

Screenshot Twitter


[2] We found that ATO packages are more affordable and user friendly than ever, now come with tutorials (which we reviewed), and are now tailored for fraudsters that use mobile devices.

What could be a big surprise to members of the anti-fraud community: these days there are more tutorials for use of mobile devices than for desktop PCs.

We reviewed the tutorials that come with ATO packages in the most popular Darknet forums and found that

  • 43% of the tutorials recommend committing ATO with mobile apps

  • 31% of the tutorials provide instructions to work on browsers (usually not specified if mobile or desktop)

  • 9% can work on both

  • 17% did not specify a device

Furthermore, 28% of tutorials were for in-store fraud (when a fraudster has to physically go into a shop) and almost all of them were connected to accounts with reward points. 17% of the tutorials recommend using accounts to buy gift cards as it is one of the simplest ways to cash out money from an account with a linked payment method.

We conducted a survey of Nethone’s clients as well, and they informed us that 40% of their ATO attacks come from mobile devices, which corroborates what we observed in the fraudster markets.

How e-commerce business owners can prevent fraudster activities

We recommend that companies that are involved with online transactions invest in a machine learning-based anti-fraud solution to not only stop fraudsters before they are able to log in with stolen credentials but to prevent costly false positives. When a legitimate customer is flagged by a sub-par fraud prevention system and is forced to jump through hoops or wait to complete the purchase, then the damage extends to the company’s incoming revenue. Customer accounts are easy targets for fraudsters, but at the same time, they are valuable assets for encouraging repeat business. So it becomes important to safeguard them with state of the art defense.

Users probably do not think twice about their shopping accounts. And why should they obsess over them? That is another reason for companies to invest in fraud prevention defense – take the security burden away from their customers and put it into the hands of the best in class.

What are some tips for online shoppers?

There are some fundamental practices that can help protect customers’ assets and security:

[1] Protect your shopping and gift card accounts with real passwords and PINs. A huge percentage of customers use the most obvious passwords (for ex., “password1234”) and PINs (for example, “1111” or “1234”). Fraudsters can just buy email addresses in bulk and use an application to test the most common passwords to commit ATO. Here are some good recommendations for creating passwords.

[2] Check your shipping address(es) periodically.

Fraudsters will often change the shipping address as a first step when they take over an account.

[3] Beware of phishing scams.

It’s a classic, oldie but goodie technique to gain access to customers’ information. It has stood the test of time because it continues to work! Do not reveal personal information to “representatives” unless you’re within the company’s secure environment.



Get in touch with Nethone to learn more!

Reach out to Joe on LinkedIn or send an email to joseph.cha@nethone.com

More articles you might like to have a look at.

3VC illustration predictions for 2021
Insights

2021 Predictions from 3VC

Year in review - S2020/E1.000.001: Predicting the past, present, or future?

We hear a lot about Venture Capitalists trying to predict the future, maybe even 10 years ahead. However, this is not fully accurate. Venture Capitalists are...

Dec 22, 2020
Learn more about 2021 Predictions from 3VC
Quality over Quantity
Insights

Quality over Quantity – Why a small portfolio leads to big returns

Let’s start with some number-crunching!

Common knowledge suggests that 9 out of 10 startups fail. Diving into statistics, the majority of VC returns are coming from 20% of their investments, in other words from 2 out of 10 startups the VC...

Dec 16, 2020
Learn more about Quality over Quantity – Why a small portfolio leads to big returns
Roman Scharf
Team

Meet the 3VC Team: Roman Scharf

Why 3VC?

We have started 3VC to drive the European start-up ecosystem forward. After 25 years as an entrepreneur, founding 5 companies and moving 12 times I decided that I can have more impact by sharing my learnings. All founders...

Nov 19, 2020
Learn more about Meet the 3VC Team: Roman Scharf