Fraudsters are working together to liquidate bank accounts via connected crypto exchanges and wallets that have been ‘ignored’, according to a new study from digital trust firm Sift.
The Sift team observed on both dark web marketplaces and deep web forums on Telegram that fraudsters are seeking each other out to funnel funds from hacked bank accounts and crypto wallets.
The scammers make use of each other’s specialised skills to hack accounts and funds, eventually striking Bitcoin before splitting the payout and parting ways.
More than half of consumers surveyed by Sift only discovered their accounts had been compromised after logging in and noticing suspicious activity.
Sift’s Q3 2022 Digital Trust & Safety Index has revealed account takeover (ATO) attacks have soared by 131 per cent in H1 2022 compared to H1 2021. The industries with the highest increases in ATO attack rates were fintech, with ATO attack rates up 71 per cent; marketplaces (39 per cent increase); and finally, digital goods & services (37 per cent increase). Within fintech, cryptocurrency exchanges also saw a 79 per cent increase in attack rates.
Forty-two per cent of ATO victims have seen unauthorised purchases made on their hacked accounts using credit card or other payment information they had stored on the site. Likewise, 30 per cent of victims lost rewards points or credits.
Of most concern, is that businesses have failed to notify their customers and were likely unaware that these security incidents even occurred. Unsurprisingly, 43 per cent of consumers said they would stop using a site or app entirely if their associated accounts were compromised by an ATO attack.
“Account takeover attacks are proving to be a primary attack method among fraudsters in our challenging economic environment,” said Brittany Allen, trust and safety architect at Sift. “Adding insult to injury, cybercriminals are leveraging automation via bots and scripts to launch ATO attacks at scale, often forcing businesses to choose between introducing excessive friction in their user experience or being consumed by fraud.