Wednesday, August 17, 2022

Account Takeover Fraud

Account takeover (ATO) happens when a fraudster gets access to a genuine customer’s account. Once a fraudster has compromised an account, what do they do with it?

There is a range of options available:

  • Make fraudulent orders using saved or stolen card details
  • Use loyalty points or account credits
  • Sell the confirmed account
  • Extract the customer data to sell


To get an idea, we analyzed data from ATO attacks against food delivery businesses. Here’s what we found:

1 - 71% of ATO attacks resulted in the attacker placing an order

We found that for food delivery ATO attacks, the primary method for monetizing the account was to place an order. Attackers make 3 to 4 orders on average, with around a 50% success rate. Of the 29% of attacks which didn’t result in an order, the customer may have spotted a change on their account and contacted the merchant, or the attacker may have resold the account details.

2 - 46% of attacks included orders placed to a city/region different from the customer’s previous order

For food delivery businesses, it’s not unusual for customers to order deliveries to different addresses. But changing delivery addresses can be an indication of ATO. So it can be challenging to differentiate ATO activity from normal customer behavior.

3 - 10% of attackers changed the email address, while 48% changed the phone number

Attackers were more likely to change the account phone number than the email address. Food delivery services often send an SMS text message to the customer to alert them that an order is on the way. By changing the phone number, the fraudster stops the genuine customer from getting this alert and contacting the merchant. The fraudster can also contact the driver to arrange a different drop-off location, and/or overcome SMS authentication.

4 - In around 15% of attacks the phone number on the account was changed twice or more - suggesting that fraudsters may use temporary phone numbers.
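
An added example, not part of the original post: Python detection logic that applies findings 2 to 4 to a constructed account event log, treating a new delivery city as a signal only when it follows a contact-detail change. The event format, signal names and 24-hour window are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumption: look-back window, not from the article

# Constructed sample events: (account, ISO time, event type, value)
EVENTS = [
    ("acct-1", "2022-08-01T18:00", "order", "Leeds"),
    ("acct-1", "2022-08-09T12:00", "order", "York"),  # new city, no contact change
    ("acct-2", "2022-08-01T19:00", "order", "Bristol"),
    ("acct-2", "2022-08-10T02:10", "phone_change", "+440000000001"),
    ("acct-2", "2022-08-10T02:20", "order", "Cardiff"),
    ("acct-3", "2022-08-02T20:00", "order", "Glasgow"),
    ("acct-3", "2022-08-11T01:00", "phone_change", "+440000000002"),
    ("acct-3", "2022-08-11T01:30", "phone_change", "+440000000003"),
    ("acct-3", "2022-08-11T01:40", "email_change", "new@example.test"),
]

def ato_signals(events, window=WINDOW):
    """Return {account: sorted signal names} for accounts showing any signal."""
    by_account = defaultdict(list)
    for account, ts, kind, value in events:
        by_account[account].append((datetime.fromisoformat(ts), kind, value))
    report = {}
    for account, rows in by_account.items():
        rows.sort()  # chronological order per account
        signals, last_city, changes = set(), None, []
        for ts, kind, value in rows:
            if kind in ("phone_change", "email_change"):
                changes.append((ts, kind))
                recent_phone = [t for t, k in changes
                                if k == "phone_change" and ts - t <= window]
                if len(recent_phone) >= 2:  # finding 4: number changed twice or more
                    signals.add("repeated_phone_change")
            elif kind == "order":
                recent = [k for t, k in changes if ts - t <= window]
                new_city = last_city is not None and value != last_city
                # A new city alone is normal; it counts only after a contact change.
                if recent and new_city:
                    signals.add("new_city_order_after_contact_change")
                elif recent:
                    signals.add("order_after_contact_change")
                last_city = value
        if signals:
            report[account] = sorted(signals)
    return report
```

On the sample log, `ato_signals(EVENTS)` reports acct-2 and acct-3 and leaves acct-1, whose only change is the delivery city, unflagged.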
