According to a study by DataVisor, a California based start-up firm which is specialized in fraud detection, 65 percent of accounts which have experienced an account takeover attack when an unknown logged in with the username and password of the victim have been when the victim did not been access by their e- commerce or banking account in more than 90 days. When an account is not opened for a while, it is easier for cyber criminals to get into it and take what they want and get out before they are even caught.
Criminals gather usernames and passwords which have been leaked in previous breaches of popular websites. Then the criminals enter the information into automated tools, which submit these personal credentials into hundreds of apps. Successful hits give the crooks the means to rob money or hijack a social media platform or use the loyalty points if any. According to DataVisor’s report, “The takeover (and often the subsequent fraudulent activity) usually goes unnoticed by the dormant user, as they are not actively managing their account. Additionally, the online service where the account is registered may not have enough information about the user to detect that there is a change in the account behaviour. Without a track record of activity, it is more challenging to identify suspicious anomalies.”
The figures of DataVisor, included in the research give us the latest insight into how criminals use account takeover [ATO] attacks. Neither has the firm specified the time span for its research, nor has it disclosed the apps or services it has examined. A month-long time of keeping the e-commerce apps dormant is also a dangerous amount of time. 65 percent of the infected accounts were not accessed in 90 days and 80 percent belonged to victims who had not logged in to their page in more than 30 days. There have been two popular techniques for testing stolen usernames and password combinations, Credential stuffing and Password spraying. DataVisor researchers said, “Unlike normal human activities, which exhibit diurnal patterns corresponding to awake/sleeping hours, the scripted nature of the fraudulent activities means that they can take place at all hours of the day, consistently.”