Targeting Forgotten Crypto Accounts
Sift’s Q3 2022 Digital Trust & Safety Index also reveals account takeover attacks surged 131% in H1 2022 compared to H1 2021
SAN FRANCISCO, Sept. 27, 2022 (GLOBE NEWSWIRE) — Sift, the leader in Digital Trust & Safety, today released its Q3 2022 Digital Trust & Safety Index, which details the rapid rise and evolution of account takeover (ATO) attacks based on its global network of over 34,000 sites and apps and a survey of over 1,000 consumers. The report also highlights a new scam in which fraudsters collaborate to liquidate bank accounts via connected crypto exchanges and wallets that have been ignored amidst the “crypto winter.”
Sift’s report shows that no industry has been untouched by ATO attacks, with an alarming 131% increase across Sift’s global network in the first half of 2022 versus the same period in 2021. Fraudsters, however, have set their sights on particular sectors amidst the global economic downturn, seeking to take advantage of dormant accounts and stored payment information. The industries with the highest increases in ATO attack rates were fintech, with ATO attack rates up 71%; marketplaces (39% increase); and finally, digital goods & services (37% increase). Within fintech, cryptocurrency exchanges saw a 79% increase in attack rates.
Account Insecurity Shaking Consumer Confidence
As a result of the constant barrage of ATO attacks, consumers report financial loss as a direct consequence, with 42% of ATO victims seeing unauthorized purchases made on their hacked accounts using credit card or other payment information they had stored on the site. Likewise, 30% of victims lost rewards points or credits.
However, financial loss to consumers—and the ensuing remediation required of businesses—only paints a partial picture of the effects of hacked accounts. Alarmingly, more than half of victims (51%) only discovered their accounts had been compromised after logging in and noticing suspicious activity, meaning those businesses failed to notify their customers and were likely unaware that these security incidents even occurred. Unsurprisingly, 43% of consumers said they would stop using a site or app entirely if their associated accounts were compromised by an ATO attack.
Teamwork Makes the Scheme Work
As cryptocurrency prices have plummeted in recent months, Sift’s Trust and Safety Architects uncovered a new scam targeting crypto account holders—many of whom are no longer checking their accounts frequently due to crypto’s loss in value. The Sift team observed on both dark web marketplaces and deep web forums on Telegram that fraudsters are seeking each other out to funnel funds from hacked bank accounts and crypto wallets.
In this crypto cashout scam, one fraudster who is looking to launder stolen funds solicits the help of another fraudster who has successfully taken over connected bank accounts and crypto wallets. Once they team up, the cybercriminals load the stolen funds into the hijacked bank account and then into the corresponding stolen crypto wallet, before draining the funds and splitting the profits.
“Account takeover attacks are proving to be a primary attack method among fraudsters in our challenging economic environment,” said Brittany Allen, Trust and Safety Architect at Sift. “Adding insult to injury, cybercriminals are leveraging automation via bots and scripts to launch ATO attacks at scale, often forcing businesses to choose between introducing excessive friction in their user experience or being consumed by fraud. However, businesses that adopt a Digital Trust & Safety strategy—one that allows businesses to introduce friction dynamically—can stifle fraudsters without treating customers like criminals.”
With fraudsters teaming up to funnel stolen funds through stolen accounts, both consumers and businesses need to be vigilant.
To read Sift’s Q3 Digital Trust & Safety Index, go here, and to see a full walkthrough of the crypto cashout scam, visit Sift’s Fraud Intelligence Center.
About Sift
Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivaled global data network of 70 billion events per month, and a commitment to long-term customer partnerships. Global brands such as DoorDash, Twitter, and Blockchain.com rely on Sift to gain a competitive advantage in their markets. Visit us at sift.com, and follow us on LinkedIn.
