Account takeover attacks spiked in 2020
Kaspersky has released the results of research into fraud detected by its Fraud Prevention platform in 2020, and the results further reinforce what we already knew: 2020 was a banner year for online fraudsters, with account takeovers dominating as the method of choice. Occurring whenever a bad actor is able to steal login credentials and seize control of an online account, takeover attacks rose from 34% of fraud detected by Kaspersky in 2019 to 54% by the end of December 2020.
Other methods of fraud were blips on the radar compared to account takeovers: the next most popular method, at just 16% of detected fraud, was money laundering/mule transactions, followed by new account fraud (14%), while a mere 12% of instances used remote access or hacking tools to accomplish their goals. In short, when it comes to fraud, account takeovers should be the No. 1 concern for individuals and businesses heading into 2021, especially as social distancing and remote work continue to be the norm.
Kaspersky makes several recommendations that all online services and retailers should adopt to help stem the tide of account takeovers: Limit the number of times a transaction, such as logging in, can be attempted. Send out regular emails to customers warning them of the latest fraud trends. Annual security audits, along with penetration tests, should become standard practice. Have a team dedicated to fraud analysis that can keep up on trends and analyze attacks to find solutions. Implement multifactor authentication on all accounts.
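
The first recommendation, limiting how often a login can be attempted, sketched as an added example that is not from Kaspersky or the original article: a sliding-window limiter that counts failed logins per account and per source address, so it covers both repeated guesses against one account and one source trying many accounts. The class name, thresholds and the injectable clock are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginAttemptLimiter:
    """Sliding-window limit on failed logins, per account and per source.

    Hypothetical helper; the default thresholds are illustrative assumptions.
    """

    def __init__(self, max_per_account=5, max_per_source=20, window_s=900,
                 clock=time.monotonic):
        self.limits = {"account": max_per_account, "source": max_per_source}
        self.window_s = window_s
        self.clock = clock  # injectable so the window can be tested
        self.failures = defaultdict(deque)  # (kind, key) -> failure timestamps

    def _recent(self, kind, key):
        """Drop failures older than the window and return the live count."""
        q = self.failures.get((kind, key))
        if not q:
            return 0
        cutoff = self.clock() - self.window_s
        while q and q[0] <= cutoff:
            q.popleft()
        return len(q)

    def allowed(self, account, source):
        """Check before verifying the password; False means refuse or step up."""
        account = account.strip().lower()  # "Alice" and "alice " share a budget
        return (self._recent("account", account) < self.limits["account"]
                and self._recent("source", source) < self.limits["source"])

    def record(self, account, source, success):
        """Call after the credential check with its outcome."""
        account = account.strip().lower()
        if success:
            # Clear only the account counter: one valid login must not reset
            # the budget of a source that is guessing across many accounts.
            self.failures.pop(("account", account), None)
            return
        now = self.clock()
        self.failures[("account", account)].append(now)
        self.failures[("source", source)].append(now)
```

When `allowed` returns False, a delay or an extra verification step is usually a better response than a hard lock, because a per-account limit can otherwise be used to lock out the legitimate owner.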