How has Covid-19 made your customer accounts more valuable?
Are you aware that Covid-19 increased the value of your customer accounts? Account takeover attackers are gaming the pandemic to their advantage, and your business could be at risk...
Account takeovers have always been a threat to merchants, but the Covid-driven digital acceleration created perfect conditions for attacks to thrive. Not only were fraudsters given more time at home to focus on attacks, but the number of potential victims increased, as customers had to work, play and shop online.
Account takeovers are one of the fastest-growing threats to your business. The Account Takeover Update 2021 reveals that half of merchants noticed an increase in attacks in the past year, and the average merchant experiences around one high-impact attack per week, resulting in eye-watering revenue losses and irreparable brand damage.
All businesses with customer accounts are at risk of account takeovers, but some merchants are more vulnerable to attacks than others. Let’s look at how Covid amplifies the threat of account takeovers to understand if your business could be at risk…
What attracts fraudsters to specific accounts?
Out of all industries, online gaming, travel, taxi/cab, food delivery and grocery merchants experience the most account takeover attacks. These accounts may not seem especially lucrative or valuable, but sophisticated attackers have been profiting from them during the pandemic.
What features make an account a hot target?
Non-physical goods: digital goods appeal to account takeover attackers, as products can be easily sold online without the operational effort of reselling physical goods.
Instant purchases: instant purchases are faster to monetise.
High demand: sought-after goods are naturally easier for fraudsters to sell.
These features have always been attractive to fraudsters, but here’s why Covid-19 intensified attacks against these specific accounts...
How did Covid escalate attacks against online gaming accounts?
Covid-19 caused online gaming sales to skyrocket, as customers were in need of indoor digital entertainment and ways to virtually connect with others. But the growth in users and demand caused digital goods merchants to experience a massive increase in account takeover activity.
Why are online gaming accounts lucrative?
Online gaming accounts are non-physical goods, so are easy for attackers to resell. Plus, attackers can steal in-game currency on some platforms. Gaming platform Steam saw valuable digital trading cards being sold on their Community Market for hundreds of dollars.
Attackers target Fortnite V-bucks in-game currency
World-leading online game Fortnite offers an in-game currency called V-Bucks that attracts attackers. They can resell V-Bucks or use them as bait in phishing attacks: “enter your details to win free V-Bucks!” Shortly after the game’s release, 4,770 fraudulent Fortnite websites and 1,390 related videos containing links to malware appeared online.
Gamers are becoming hyperaware of attacks
While Fortnite has a loyal fanbase, if your business becomes a known target of account takeovers, it can massively impact customer trust. Around 33% of players now abstain from in-game purchases to avoid falling victim, creating a dent in sales. If customers feel unsafe, they can easily take their business elsewhere.
How did Covid make travel accounts more vulnerable?
Travel merchants were hard-hit by the pandemic, with several iconic travel brands going under and many facing huge levels of chargebacks due to global travel restrictions. Attackers targeted the weakened industry, as account takeovers increased for 48% of travel merchants mid-pandemic.
Attackers hoard travel accounts while the industry is on pause
Attackers used the pandemic lull to hoard stolen travel accounts, waiting to strike when the industry takes off again. A significant industry data breach occurred in May 2021, impacting 1.35 million members from multiple global airlines. Sophisticated attackers are still ruthlessly targeting travel accounts, often to steal their airmiles or loyalty points.
Why are airmiles, rewards & loyalty points lucrative for attackers?
Airmiles, loyalty points and rewards points are gold dust for account takeover attackers, as they are easy to access and can be extremely profitable. One attacker bought a flatscreen TV from just one customer’s travel loyalty points. Victims don’t check their points regularly, so often fail to notice an attack, making it difficult for fraud teams to prevent them.
Taxi/cab accounts were hit with one high-impact attack weekly
Taxi/cab firms struggled throughout the pandemic, as tourism paused and customers were encouraged to stay at home. Major cities saw taxi/cab traffic decrease, and a fifth of London’s black cabs were taken off the road. On top of sales plummeting, taxi/cabs experienced over one account takeover attack a week in 2020.
Why are attackers targeting taxi/cab accounts?
Taxi/cab accounts have always been a target as they are instant purchases, and account addresses can change without raising suspicion. Attackers often make money by reselling taxi/cab accounts to customers looking for a cheap ride.
Covid fears create a market for discounted taxi rides
The demand for discounted taxi rides may have unexpectedly risen due to Covid. Strapped-for-cash customers are in need of discounts, and many are reluctant to take public transport for fear of spreading Covid. Attackers can offer safe taxi rides for less money, and as hygiene remains a concern in 2021, the popularity of these reselling schemes could continue to rise.
How did the Covid-led food delivery boom impact attacks?
Covid-19 forced restaurants to close, and at-home food delivery boomed - Uber announced that food delivery revenue in Q4 2020 was up a huge 224% YoY. This boom intensified account takeover attacks as fraudsters could hide amongst increased transaction volumes and target new customer accounts.
The demand for “pizza plug” schemes is strong
Successful attackers can take over an account to order and resell food/drink at a discount to customers. Covid-19 increased the demand for discounts, boosting the popularity of “pizza plug” schemes, as Integrations Engineer Bhavin Tailor explains in our recent account takeover webinar.
Fraudsters can resell and ship expensive items easily
Attackers can instantly purchase typically lucrative items like expensive alcohol on food delivery apps. One popular YouTube couple, Joel and Lia, had a £51.58 bottle of Ciroc vodka ordered on their account following a takeover. Fraudsters often trade expensive alcohol online, but account takeover eliminates the hassle of arranging delivery - the merchant does it for them.
How did online grocery accounts become a target in the pandemic?
Grocery merchants saw over 5 attacks per month - more than any other retailers. Covid-19 had a massive impact on this industry, causing huge spikes in online transaction volumes that overwhelmed teams. Plus, many grocery stores kept their doors open for essential trading, putting huge strains on fulfilment.
Many key UK grocery merchants had to limit orders to existing customers or those registered as ‘vulnerable’ to cope with the demand. It’s likely that these coveted accounts became account takeover targets.
Online grocery loyalty points offer additional value to attackers
Many grocery accounts store loyalty points that attackers can steal. UK grocery giant Tesco experienced mass account takeover attempts in May last year against Clubcard (loyalty point) holders, impacting 600,000 customers. Public attacks can cause customers to shop elsewhere - a massive concern for UK grocery merchants who are in an especially competitive market.
Are all merchants with customer accounts at risk?
Some merchants may have been targeted more heavily than others due to Covid-19, but account takeovers are increasing across all industries. All customer accounts can become high value to sophisticated fraudsters. If you think that your business is at risk of account takeovers, read our Account Takeover Update 2021.