March 16, 2017
A common tactic for fraudsters leveraging account takeover or account creation fraud is to “age” the accounts before monetizing them. Now, thanks to a new report, we have a better idea of how long compromised accounts can lie dormant before being activated. Forty-four percent of compromised accounts eventually used to commit fraud sleep for at least seven days before an attack, according to a report from antifraud technology provider DataVisor. The Mountain View, Calif.-based company said 37 percent of these accounts, which they have dubbed “sleeper cell” accounts, are not used by the fraudster for at least three months. Some are aged years, becoming inherently more trusted by merchants and fraud prevention systems.
“The fraudsters are becoming adept at looking like normal users,” said Yinglian Xie, CEO and co-founder of DataVisor, “and it’s clear from our research that they are increasingly sophisticated and using the latest technologies available to skirt detection.”
DataVisor analyzed more than one billion customer accounts and found 50 million malicious ones. The company also found overwhelmingly that fraudsters prefer to engage in account takeover and account creation fraud from desktops, where 82 percent of fraudulent accounts are created, compared to 18 percent from mobile devices. Also, as might be expected, the majority of fraudulent accounts—53 percent—are registered with Gmail, Yahoo or Microsoft email addresses.
- ATOs and Account Creation Fraud