Account Takeover Statistics

Account Takeover Statistics By Industry, Account Type and Frequency of Suspicious Login Alerts

Introduction

Account Takeover Statistics: In recent years, the Internet of Things trend and the push toward digital life have led to many types of digital fraud. Moreover, the development of AI and similar technologies has increased the risk to online business accounts and individual identities. According to various reports on the internet, newbies are learning cybercrime methods on ChatGPT.

Moreover, these Account Takeover Statistics 2023 show the percentage increase in such attacks around the world. The primary reason such attacks occur is the use of common passwords across multiple accounts. We can prevent such attacks by verifying the authenticity of the website or information before clicking “Proceed.”

Editor’s Choice

  • According to consumers in a Sift survey, the top three sites with the highest risk of account takeover are digital services subscription (36%), Online shopping (31%), and Bank or credit card accounts (29%).
  • According to Account Takeover Statistics, the number of ATO attacks (Account Takeover Attacks) increased by 354% in 2023.
  • According to IBM Cost of a Data Breach Report 2023, it requires 11 months on average to resolve the problem caused by stolen credentials.
  • 70% of the ATO victims said they shared a similar password across multiple accounts that reported an ATO attack.
  • The average breach due to stolen credentials is likely to cost the company $4.62 million.
  • As of 2023, social media, banking, and email or messaging accounts have the highest risk of ATO attacks, contributing 53%, 42%, and 23% each.
  • Large companies with more than 50,000 employees are 60% more likely to be victims of ATO attacks every week.
  • More than two-thirds of ATO victims reported that unauthorized purchases occurred due to payment details leaks, one-fourth of whom reported debits from the account.
  • 24% of ATO victims with shared email addresses or phone numbers changed their information after the attack.
  • In 2023, personal accounts and accounts used for both personal and business purposes fortunately recorded a minor percentage decline in the rate of victims, contributing 75% and 4%, respectively.

General Account Takeover Statistics

  • According to Account Takeover Statistics, the number of ATO attacks (Account Takeover Attacks) increased by 354% in 2023.
  • As of 2023, 22% of American adults have experienced account takeover fraud, which amounts to 24 million households in the USA.
  • Furthermore, in the same year, fraudsters focused on merchants who give rewards to consumers for online or offline shopping, contributing to around 900% growth in attacks.
  • According to consumers in a Sift survey, the top three sites with the highest risk of account takeover are digital services subscription (36%), Online shopping (31%), and Bank or credit card accounts (29%).
  • More than two-thirds of ATO victims reported that unauthorized purchases occurred due to payment details leaks, one-fourth of whom reported debits from the account.
  • Account Takeover Statistics show that 76% of consumers are likely to leave the brand if their account is taken over.
  • Moreover, 73% of consumers say that the company is responsible for ATO attacks as well as the protection of account credentials.
  • In 2023, 14% of people knew someone who had committed ATO attacks.
  • 4% of fraudsters are likely to admit to committing ATO fraud themselves.
  • Only 43% of the victims of account takeover are notified by the company about the incident.
  • 24% of ATO victims with shared email addresses or phone numbers changed their information after the attack.
  • Around 26% of companies are targeted by fraudsters every week with ATO attempts.
  • According to IBM Cost of a Data Breach Report 2023, it requires 11 months on average to resolve the problem caused by stolen credentials.
  • Large companies with more than 50,000 employees are 60% more likely to be victims of ATO attacks every week.
  • Around 80% of Fortune 1000 companies reported at least one compromised account.
  • The average breach due to stolen credentials is likely to cost the company $4.62 million.
  • As per a report by Security.org, in 2023, the incidents of accessing someone else’s account by gaining credentials increased by 29%.
  • 70% of the ATO victims said they shared a similar password across multiple accounts that reported an ATO attack.
  • By 2025, the Account takeover fraud market is estimated to reach $16.8 billion.
  • In 2023, more than half of the websites recorded account takeover attacks.

Account Takeover Statistics by Industry

[Figure: Increase in ATO by vertical (Sift)]

(Source: sift.com) 

According to Sift’s digital trust and safety index Q3 2023 report, in their global network, loyalty-related ATO increased by 890%, while the Fintech industry experienced an 808% year-on-year increase. The food and beverages industry recorded a 485% rise, while Crypto showed a 189% increase in ATO frauds.

Account Takeover Statistics by Share of Account Takeover Victims by Account Type

[Figure: Was the account taken over a business or personal account?]

(Reference: security.org)

Compared to 2021, the number of account takeover victims by type has increased by 21% for business accounts. However, in 2023, personal accounts and accounts used for both personal and business purposes fortunately recorded a minor percentage decline in the rate of victims, contributing 75% and 4%, respectively.

Account Takeover Statistics by Frequency of Suspicious Login Alerts

When was the last time you were alerted about a suspicious login attempt not made by you?

| Time of last alert | Share of respondents |
|---|---|
| Within the last month | 34% |
| Within the last six months | 23% |
| Within the year | 13% |
| Within the last 2 years | 7% |
| More than 2 years ago | 9% |
| Never | 15% |

(Source: security.org)

Account Takeover Statistics state that the largest share of users, 34%, received a suspicious login attempt alert within the last month, whereas 23% and 13% of users reported an alert within the previous 6 months and one year, respectively. Fewer than 10% of users each reported that their last alert came within the last 2 years or more than 2 years ago. On the other hand, 15% of individuals never received any suspicious login attempt alert.

Account Takeover Statistics by Most Vulnerable Account Types

What types of accounts were taken over (select all that apply)?

| Account type | 2021 | 2023 |
|---|---|---|
| Social media | 51% | 53% |
| Banking | 32% | 42% |
| Email or messaging platform | 26% | 23% |
| E-commerce | 8% | 17% |
| Education | 9% | 13% |
| Entertainment (music, movie/TV streaming, etc.) | 9% | 13% |
| Food or travel | 5% | 9% |

(Source: security.org)

As of 2023, social media, banking, and email or messaging accounts have the highest risk of ATO attacks, contributing 53%, 42%, and 23% each. On the other hand, food or travel accounts are the least risky accounts, with 9% vulnerability. Overall, compared to 2021, 2023 saw an increase in the rate of vulnerability except for email or messaging accounts.

Account Takeover Statistics by Actions Taken to Prevent ATO Attacks

What actions did you take to prevent account takeover in the future? Select all that apply.

| Action | 2021 | 2023 |
|---|---|---|
| Changed password | 64% | 56% |
| Added security questions | 32% | 35% |
| Added two or multi-factor authentication | 35% | 34% |
| Installed password manager | 19% | 27% |
| Installed identity theft protection services | 17% | 23% |
| Installed antivirus software | 22% | 22% |
| Installed VPN | 22% | 22% |
| Other methods | 9% | 4% |
| None of the above | 3% | 3% |

(Source: security.org)

In 2023, the majority of users, 56%, chose to change their account passwords. Other leading actions taken by users were adding security questions (33%), adding two- or multi-factor authentication (34%), installing a password manager (27%), and installing identity theft protection services (23%).

Common Ways of Attacks by Account Type

| Ways of attacks | Type of account | Outcome |
|---|---|---|
| SIM swapping, credential stuffing | Cryptocurrency exchange accounts | Financial losses, theft of funds, or cryptocurrency holdings |
| Social engineering, phishing | Healthcare accounts | Prescription fraud, medical identity theft for insurance purposes |
| Credential stuffing, phishing | Retail accounts | Reshipping schemes, merchandise theft |
| Password spraying, phishing | Email accounts | BEC scams, or identity theft |
| Fake login pages, credential stuffing, phishing messages | Social media accounts | Spreading misinformation, data theft, reputation damage |
| SIM swapping, phishing, credential stuffing | Financial accounts such as credit cards or bank | Unauthorized transactions, stolen funds |

(Source: idstrong.com)

Top Fraud Trends to Watch in 2024

Cybercrime and fraud pose persistent threats in today’s digital landscape, constantly evolving as fraudsters adapt and find new ways to exploit individuals’ personal information. To effectively combat these threats, it’s essential to understand the various tactics employed by fraudsters and adopt robust prevention measures.

Automation stands as a significant tool in the fraudster’s arsenal, enabling them to conduct fraudulent activities at scale while remaining undetected. By utilizing software or bots, fraudsters can automate tasks that traditionally require human intervention, such as credential stuffing, where stolen login credentials are systematically tested across multiple platforms to gain unauthorized access.

Account takeover (ATO) is another prevalent form of fraud in which cybercriminals gain unauthorized access to individuals’ or businesses’ online accounts. This type of identity theft often occurs through phishing schemes or malware attacks, allowing fraudsters to acquire legitimate user credentials or purchase them from illicit sources. Once in control, they exploit these accounts for various illicit activities, including financial fraud, money laundering, and theft of loyalty points or subscription information.

The adoption of new digital payment methods and the rise of cryptocurrencies have introduced additional avenues for fraudsters to exploit. While these technologies offer benefits such as enhanced efficiency and convenience in transactions, they also present vulnerabilities that can be exploited for fraudulent purposes. The anonymity provided by cryptocurrencies, in particular, facilitates illicit activities, making it challenging for law enforcement agencies to trace and apprehend fraudsters.

Maintaining a delicate balance between fraud prevention and customer experience poses a significant challenge for online businesses. The level of friction customers experience during the checkout process directly impacts their conversion rates. Striking the right balance requires implementing effective authentication solutions, such as behavioral biometrics and passwordless authentication, to enhance security without unduly inconveniencing legitimate users.

Synthetic identity fraud has emerged as one of the fastest-growing financial crimes globally, posing a substantial threat to businesses and financial institutions. In synthetic identity fraud, fraudsters create fictitious identities by combining real and false information, making detection and prevention challenging for organizations. Synthetic identities are used to perpetrate various fraudulent activities, including opening fraudulent accounts and obtaining credit under false pretenses.

The escalating cost of fraud presents a significant concern for businesses. It encompasses not only direct financial losses but also the expenses associated with fraud prevention measures and the impact on customer trust and loyalty. With the increasing prevalence of online and mobile transactions, fraudsters are capitalizing on the growing digital footprint to perpetrate fraud, necessitating heightened vigilance and investment in robust fraud detection and prevention mechanisms.

The digitization of commerce and banking has led to a proliferation of digital channels, providing fraudsters with ample opportunities to exploit vulnerabilities. To combat fraud effectively, organizations must adopt a multi-layered approach to fraud assessment, leveraging advanced technologies such as AI and machine learning to analyze diverse data points and identify potential risks in real time.

Targeted attacks pose a significant threat to businesses, as cybercriminals exploit vulnerabilities in an organization’s infrastructure to gain unauthorized access to sensitive data. These attacks often occur over an extended period, allowing fraudsters to remain undetected while inflicting substantial financial and reputational damage on the target entity.

Real-time risk assessment has become imperative in the face of increasing online and mobile transactions, requiring organizations to deploy comprehensive fraud detection and identity verification solutions. By leveraging advanced technologies and fraud orchestration tools, businesses can effectively manage risks while ensuring a seamless and secure customer experience.

Account security remains a critical aspect of fraud prevention, with multi-factor authentication emerging as a vital defense mechanism against unauthorized access and fraudulent activities. By implementing robust authentication measures, such as biometric authentication and behavioral biometrics, organizations can enhance security and mitigate the risk of account takeover and identity theft.

In conclusion, combating fraud requires a proactive and multi-faceted approach, encompassing advanced technologies, robust authentication mechanisms, and vigilant monitoring of digital transactions. By staying abreast of evolving fraud trends and leveraging innovative solutions, businesses can effectively mitigate risks and safeguard their customers’ financial security and privacy.

Conclusion

Given the speed of technological development, it is still a challenge to prevent the cybercrimes that happen every minute across the world. Attackers always come up with new ideas to attack. Unfortunately, artificial intelligence has given cybercriminals a broader scope. As stated in these account takeover statistics, our online identities are not safe, whether they are individual or brand identities. The best way to protect ourselves from such frauds is to change passwords every three months.

Choosing a variety of passwords across multiple platforms will also help protect credentials. To be more secure, we need to educate ourselves in basic cybersecurity techniques to avoid becoming a victim.

 

