Account takeover (ATO) is a form of identity theft that cyber criminals use to get unauthorized access to the accounts of legitimate users through some kind of brute force method such as Credential Stuffing.
In 2022, account takeover attacks are on the rise. In June for example, Imperva’s Threat Research Team announced a dramatic increase in the volume of ATO attacks targeting the financial services sector over the past year, with a significant 58 percent month-over-month growth in May 2022 alone.
A sizable part of this increase in the financial services sector is likely related to trending growth in Buy Now, Pay Later (BNPL), a payment option that lets consumers make digital purchases, receive the goods, and pay for them in pre-set periodic payments. It is an attractive option for online buyers because it gives them the flexibility to complete a purchase in interest-free installments. For more on how ATO attacks target BNPL, check out this post.
ATO attacks are certainly not limited to the financial services sector. In fact, they are up across all industry sectors. In this post, we’ll report the latest findings concerning ATO attack trends from the 2022 Imperva Bad Bot Report. We’ll also reveal which industries are grappling with the most ATO attack incidents overall.
Overall ATO attack trends
- Between January and December 2021, overall Account Takeover attacks increased 148 percent
- 64.1 percent of Account Takeover attacks in 2021 made use of advanced bad bots
- 55 percent of all Account Takeover attacks targeted the US
ATO attacks by industry
Any organization with a digital presence that offers a login page is at risk of account takeover attacks. Here are the top five targeted industries for ATO attacks:
| Financial Services | 34.6 percent |
| Travel | 23.2 percent |
| Computing and IT | 11.4 percent |
| Retail | 8.1 percent |
| Gaming & Gambling | 6.1 percent |
For a handy PDF showing these findings in a graphic format, download the infographic.
The unique threat ATO attacks present
Once a user’s account has successfully been taken over, attackers try to avoid any unusual activity that would signal a compromised account. Instead, they often try to change the account information, password, and even notifications so that the legitimate owner will not be aware of illicit activities happening with the account. ATO is a major threat to global organizations and their customers due to the financial losses triggered by ATO fraud and the cost of mitigating such attacks.
How to spot a spike in ATO attacks
Signs you might be facing a spike in ATO attacks include increases in customer account lockouts and in the number of customer service tickets. Also, if multiple users suddenly request a password change or if there is an accumulation of unsuccessful login attempts, these could be indicators of a compromised account. Similarly, if a user accesses a customer account in Europe, then tries to access it again 10 minutes later from North America, it is indicative of a potential account takeover attempt.
At the end of the day, preventing or spotting such behavior can only be achieved through continuous monitoring of all data repositories. Find out what it takes to consistently mitigate the threat of ATO attacks here.
Try Imperva for Free
Protect your business for 30 days on Imperva.
