Buyer Beware! Account Takeover Attacks Surging This Shopping Season

by Erez Hasson on December 19, 2022

The prevalence of Account Takeover (ATO) attacks continues to rise, as the threat creeps its way to the top of the list of security concerns for organizations today. Last year, Imperva recorded a staggering 148% increase in Account Takeover attacks, as reported in the 2022 Bad Bot Report. And before we dive deep into analyzing the data from this year (look forward to that in the upcoming 2023 Bad Bot Report), let’s review two major events that have taken place recently, shaping the threat landscape as we near the end of the year.

Holiday shopping season

It would be difficult to find an online retailer, or any retailer for that matter, that did not offer some sort of special discounts during the past few weeks. Be it Singles Day, Black Friday, Cyber Monday or any other name retailers might choose for their “biggest savings” event, this is clearly the year’s peak shopping season and it has become a worldwide phenomenon. With all of these events now in our rearview mirror and the holiday shopping season just about done, it is time to take a look at how bad actors have been spending this festive time of the year.

To no one’s surprise, they’ve been busy exploiting the high volume of traffic and transactions on retailers’ websites to commit online fraud, with account-based fraud being prevalent. And as the explosive growth in usage of Buy Now, Pay Later (BNPL) solutions persists, the risk is bigger than ever. Attackers can target a user’s BNPL account directly or choose to target a user account with a business that is authorized to charge their BNPL account, essentially doubling their chances of success. In fact, according to research by PaymentsJournal, From 2020 through 2021, payment fraud rates over Black Friday weekend increased 66% for BNPL specifically.

Throughout the entire duration of the holiday shopping season, Imperva has recorded elevated levels of Account Takeover events, rising 12% in October and culminating on Black Friday (November 25th), with a 66% increase in Account Takeovers. Another notable increase was recorded on October 26th, just a month ahead of Black Friday, as Account Takeovers increased by 29%. Combined with the overall rise in events that began in early October, this further demonstrates one of the key trends highlighted in Imperva’s The State of Security Within eCommerce in 2022 Report – early holiday shopping. The report predicted attackers will catch up with shoppers looking for early holiday savings and a better selection of items, and that in turn, we will see an increase in attacks around mid to late October.

It wasn’t all about shopping

Another major event that has captured the attention of millions around the globe is the World Cup football tournament. As is the case with many other major sporting events, sports betting websites are bound to see an increase in user activity and transactions – Forbes has reported that gamblers are expected to wager more than $160 billion during the tournament. This makes sports betting websites a hot target for bad actors attempting to take over user accounts for the various forms of currency stored within them.

While the games have only officially kicked off on Sunday, November 20th, Account Takeover attacks have been rampant as early as the first week of November, as can be seen represented by the spikes in the chart below. As we neared the kickoff date, the frequency of attacks has increased, and so has their intensity, spiking some 27% on November 21st and peaking on November 25th.

Mitigate the risk of Account Takeover with Imperva

Imperva provides login protection without affecting your legitimate user traffic and with no added latency. Account Takeover Protection enables fraudulent behavior investigation and detection by bringing the focus to the login functionality as a whole. Utilizing a proprietary, multilayered detection process, it accurately determines if the interactions with your website have the characteristics of an account takeover attempt with pinpoint accuracy, stopping malicious account takeover attacks before they even have a chance to reach your infrastructure. The intuitive dashboards provide clear visibility and actionable insights into attack attempts, leaked user credentials, compromised user accounts, and successful login attempts, while user behavior anomaly detection points out accounts at risk of fraudulent activity.

Account Takeover Protection is part of Imperva’s market-leading Web Application & API Protection (WAAP) solution. Start your Application Security Free Trial today to protect your login pages.