7 Ways Cybercriminals Commit Account Takeover Fraud
No business wants to suffer an account takeover (ATO) attack, but few realize the true extent of the damage it can cause. Once a cybercriminal gains unauthorized access to a legitimate user account, the possibilities for fraud abound. Read on to learn how fraudsters use compromised accounts for monetary gain, leaving damaged brand reputations and financial losses in their wake.
1. Make Fraudulent Purchases
Consumers often store credit card numbers, gift card balances, loyalty points and airline miles in their accounts for easier checkout. In fact, 45% of consumers prefer this. Attackers who compromise user accounts are free to go on a shopping spree, courtesy of the ATO victim. Cybercriminals typically purchase gift cards that they can either sell on a secondary market, or use the gift cards themselves to purchase electronics and other high-value items for resale. Businesses suffer financial losses due to refunds, chargebacks and processing fees, additional customer support resources and damage to brand reputation.
2. Commit Warranty Fraud
Fraudsters can change the email and shipping address associated with an account after a successful takeover. After looking back in the account purchase history, they can call customer support to complain that an ordered item was never delivered, arrived damaged or broke while under warranty and demand a replacement. This can cost businesses inventory that they’ll never get back. Fitbit, for example, experienced a warranty fraud attack where bad actors asked for replacements of its $250 premium fitness tracker. After getting swindled out of merchandise, Fitbit responded by locking compromised accounts. It took two weeks for them to resolve the problem and unfreeze the accounts, much to the frustration of their legitimate customers.
3. Create Fake Accounts
Cybercriminals can use the personally identifiable information (PII) stored in a compromised account to open fake accounts using that name (Read more...)
*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2022/7-ways-cybercriminals-commit-account-takeover-fraud/
