Fraud influencers, phishing and scams — account takeovers are on the rise
Oct 12, 2023

Fraud influencers, phishing and scams — account takeovers are on the rise

Brittany Allen, a trust and safety architect at Sift, says 2023 has become the year of account takeovers.

Whether it’s for travel, meals or event tickets, it’s hard to deny the allure of a good deal. And providing discounts through fraudulent means is a thriving business online.

Once mostly relegated to the far reaches of the dark web, fraudsters now are offering questionable deals to consumers on mainstream social media sites and messaging apps. That’s according to the online fraud prevention company Sift.

Part of the scam is what’s called an account takeovers, or ATOs. Marketplace’s Lily Jamali spoke with Brittany Allen, a trust and safety architect with Sift, about why ATOs are increasing.

The following is an edited transcript of their conversation

Brittany Allen: We’re finding that you could pretty much call 2023 the year of ATOs, because we saw ATO attacks jump over 350% year over year in Q2 of 2023. Those are attempts that we’ve seen. So someone using stolen password and email address combinations, or password and user name combinations to attempt to enter an account. So that means that they already have that data on hand and they’re just trying to see where it works online.

Lily Jamali: Why do you think there is such a surge in these account takeover attempts right now?

Allen: We saw some of the surges in prior years tied to specific events like the [COVID-19] pandemic. So we saw spikes in the targeting of hotel accounts or airline accounts. Fraudsters knew they wouldn’t get caught there if they went in and saw what the balances were and maybe transferred the points elsewhere. But what we’re seeing right now is just a general acknowledgement of how valuable these accounts can be, especially when they’re in the hands of fraudsters who have spent many years building up their skills at providing, let’s say, things like fraud as a service, where they’re able to make purchases on behalf of a customer base and use stolen accounts and stolen payment methods to build an entire business.

Jamali: And what happens to these hacked accounts typically?

Allen: So when a fraudster gets access to stolen credentials, they can either use it for their own use, or they can package those accounts and sell them on to others for use. It really just depends on what their specialty is and what their end goal is for monetizing these accessed accounts. But in the end, the account holder is going to be left with a used credit card with purchases they don’t recognize. They are somehow going to be financially impacted by this account takeover.

Jamali: Now, a part of why account takeovers went up, according to your report, is due to what’s referred to as fraud influencers. Can you explain what that is?

Allen: I can do my best as an elder millennial to explain what fraud influencers are. So on social media platforms, let’s say TikTok, for example, you’ll have a generation of users that are more and more likely to use those as their search functionality and searching just for, let’s say, “free food hack,” something pretty innocent. But instead, what they are very easily able to find would be the content put on those platforms by fraud influencers — those who are selling stolen credit cards, and in case of what we reported on, selling stolen accounts through which those purchases can be made, or even making the “fraud as a service” postings where they say, “If you just pay me 10% or 20% of the value of the item you want, I’ll make the purchase for you. And you’ll get the item, everything will be done very easily.” The fraudster there is not as concerned about getting his likes or his follows there. He’s usually redirecting the people he’s targeting to other services, but they still are able to use social media to target a new audience of potential customers.

Jamali: And last thing, how has generative AI played a role in all of this, this increase that you’re reporting?

Allen: So AI is useful for fraudsters who want to write convincing phishing emails, spam emails, social media posts, and it can even help them commit fraud in languages that they don’t speak. Now, when we’re talking about the types of AI like generative deepfakes or, you know, a fake voice, that instance is one where you’ll see that most commonly used by fraudsters who are targeting, let’s say, one particular persona to hit as many potential victims as possible. I’d be unlikely to have a fraudster use AI to do a deepfake of my brother, then try to trick me into sending $300 to him, because he is marooned in the outback of Australia, or whatever the story would be, because I’m just one potential victim and that’s a lot of work to mimic my brother. However, if I’m a celebrity and I have tons of online followers, it might be worth it for them to create a deepfake of me, asking people to donate to a charity that doesn’t really exist, and then taking those proceeds and running with them.

More on this

You can read Sift’s most recent Digital Trust and Safety Index here.

And here are some tips to avoid getting hacked, like using strong passwords and multifactor authentication tools.

Believe it or not, the decades-old practice of phishing, which involves getting people to click on unfamiliar links, is still around.

Last month, a hacker managed to takeover the X account of Vitalik Buterin, creator of the cryptocurrency ethereum. The scammer then stole $691,000 from Buterin’s followers with one simple, malicious link posted to his feed.

The future of this podcast starts with you.

Every day, the “Marketplace Tech” team demystifies the digital economy with stories that explore more than just Big Tech. We’re committed to covering topics that matter to you and the world around us, diving deep into how technology intersects with climate change, inequity, and disinformation.

As part of a nonprofit newsroom, we’re counting on listeners like you to keep this public service paywall-free and available to all.

Support “Marketplace Tech” in any amount today and become a partner in our mission.

The team

Daisy Palacios Senior Producer
Daniel Shin Producer
Jesús Alvarado Associate Producer
Rosie Hughes Assistant Producer