GITNUX REPORT 2025

Account Takeover Fraud Statistics

Account takeover fraud cost $11.4 billion in 2022, and rising dangers persist worldwide.

Jannik Lindner

Co-Founder of Gitnux, specialized in content and tech since 2016.

First published: April 29, 2025



Key Highlights

  • Account takeover fraud accounted for 30% of all cyberattacks on financial institutions in 2022
  • The estimated global cost of account takeover fraud was $11.4 billion in 2022
  • 75% of accounts targeted by hackers in 2022 showed evidence of previous successful breaches
  • 65% of all identity crimes involve account takeover
  • The average time to detect an account takeover attack is 170 days
  • 80% of account takeover incidents are caused by phishing attacks
  • Weak or stolen passwords are responsible for 81% of account breaches
  • 45% of consumers reuse passwords across multiple accounts, increasing the risk of account takeover
  • Financial services saw a 27% increase in account takeover fraud in Q1 2023 compared to Q4 2022
  • The success rate of credential stuffing attacks, often leading to account takeovers, is approximately 0.1%
  • 60% of organizations have experienced at least one account takeover attack in the past year
  • Mobile banking apps are 35% more likely to be targeted for account takeover fraud than desktop banking
  • 70% of account takeover frauds involved malicious insider activity or compromised credentials

With cybercriminals increasingly exploiting weak passwords, phishing schemes, and API vulnerabilities—leading to over $11.4 billion in global losses last year and a 60% surge in account takeover attacks—understanding and combating this rising threat has never been more critical for financial institutions and consumers alike.

Account Takeover and Fraud

  • Account takeover fraud accounted for 30% of all cyberattacks on financial institutions in 2022
  • 75% of accounts targeted by hackers in 2022 showed evidence of previous successful breaches
  • 65% of all identity crimes involve account takeover
  • 80% of account takeover incidents are caused by phishing attacks
  • Weak or stolen passwords are responsible for 81% of account breaches
  • Financial services saw a 27% increase in account takeover fraud in Q1 2023 compared to Q4 2022
  • 60% of organizations have experienced at least one account takeover attack in the past year
  • Mobile banking apps are 35% more likely to be targeted for account takeover fraud than desktop banking
  • 70% of account takeover frauds involved malicious insider activity or compromised credentials
  • The use of AI to detect and prevent account takeover fraud increased by 50% in 2023
  • Ransomware attacks often lead to subsequent account compromises, with 40% of ransomware victims experiencing account takeover
  • 55% of account fraud cases in 2023 involved compromised email account credentials
  • Email-based attacks, such as phishing, account for approximately 91% of all data breaches related to account takeover
  • Fraudulent account registrations increase the likelihood of subsequent account takeover by 60%
  • The financial sector experiences the highest volume of account takeover fraud, accounting for 38% of all breaches in 2022
  • Use of biometric authentication reduced successful account takeovers by 50%
  • 20% of all online transactions involving digital wallets are targeted for account takeover, with a rising trend observed
  • In 2022, social media accounts comprised 25% of all account takeover frauds, highlighting the importance of social media security
  • The retail sector saw a 15% increase in account takeovers during holiday shopping periods in 2023, due to identity theft and compromised accounts
  • 52% of organizations plan to prioritize AI and machine learning tools to combat account takeover fraud in 2024
  • Nearly 60% of known account takeovers originate from IP addresses in only five countries, mainly in Eastern Europe and Asia
  • The adoption of behavioral biometrics has doubled among financial institutions over the past two years as a means to prevent account fraud
  • 67% of fraudulent logins in 2023 involved the use of stolen credentials obtained through data breaches
  • The rate of account takeover fraud has increased by 60% from 2021 to 2023, illustrating a rising threat landscape
  • Implementing user education programs lowered successful account takeover incidents by 20% in organizations that adopted comprehensive training in 2023
  • The travel industry saw a 22% increase in account takeover fraud during peak seasons in 2023, driven by credential phishing and reused passwords
  • Over 90% of account takeovers are not detected by the targeted organization for an average of 4 months, allowing continued fraudulent activity
  • The use of adaptive risk management systems decreased successful account takeover incidents by 65%
  • Nearly 40% of all fraud attempts are concentrated on financial platforms requiring login credentials, highlighting targeted attack trends
  • The average age of accounts targeted for takeover was just 2.1 years since creation, indicating new accounts are especially vulnerable
  • In 2023, approximately 60% of account takeovers involving cryptocurrency accounts resulted in direct financial theft
  • Companies with strong cybersecurity policies and regular staff training experienced 50% fewer successful account takeover attempts
  • The rise in remote working has contributed to a 25% increase in account takeover fraud due to insecure home networks
  • 45% of account takeover incidents involved impersonation of legitimate users, leveraging social engineering tactics
  • The financial sector remains the most targeted in account takeover incidents, with banking accounts comprising over 50% of breaches
  • Implementation of biometric authentication lowered account takeover success rates by over 50%
  • Cybercriminals increasingly target vulnerable legacy systems, which accounted for 45% of account takeover exploits in 2023
  • Mastering the use of MFA reduces the risk of account takeover by approximately 80%, making it a key security control
  • Account takeover fraud incidents involving mobile devices increased by 35% over the past year, reflecting growing mobile vulnerabilities
  • The adoption of passwordless authentication methods increased in 2023, with 40% of organizations reporting full implementation, leading to reductions in account takeover attempts
  • Access to stolen credentials on the dark web rose by 25% in 2023, facilitating more account takeover attacks
  • 48% of organizations' cybersecurity budgets in 2023 were allocated specifically towards preventing account takeover, showing increased prioritization
  • Over 55% of account breaches involve the use of stolen or leaked credentials from previous data breaches, illustrating the importance of breach-aware security
  • In 2023, nearly 20% of all cyberattacks involved some form of account takeover or credential compromise, reflecting its prominence among cyber threats
  • The healthcare industry experienced a 10% rise in account takeover incidents in 2023, mainly targeting patient portals and electronic health records
  • Nearly 65% of organizations see account takeover prevention as a top cybersecurity priority in 2024, according to recent surveys
  • Web application vulnerabilities, including insecure APIs, contributed to 50% of account takeovers in 2023, underlining the importance of secure coding practices
  • Companies with mature cybersecurity frameworks experience 55% fewer account takeover incidents compared to less mature organizations
  • The average payout from successful account takeover frauds on cryptocurrency exchanges was over $5,000 per incident in 2023, indicating lucrative criminal goals
  • The use of real-time monitoring and response systems helped reduce detection time of account takeover attacks by 45% in 2023
  • The majority of small businesses are unaware that they are vulnerable to account takeover until they are breached, with 65% reporting initial awareness only after experiencing an attack
  • The highest success rate for account takeover attacks occurred via SIM swapping, with 85% success in targeted cases in 2023

Account Takeover and Fraud Interpretation

As account takeover fraud skyrockets—comprising nearly a third of cyberattacks, thriving on phishing, stolen credentials, and weak passwords—it's clear that organizations must double down on advanced defenses like biometrics and AI, or risk being outmaneuvered by cybercriminals with increasingly sophisticated tactics.

Advanced Persistent Threats and Exploitation

  • Advanced persistent threats (APTs) specifically targeting financial institutions resulted in a 35% increase in account breaches in 2023

Advanced Persistent Threats and Exploitation Interpretation

The surge in APT-driven account breaches highlights that even sophisticated cybercriminals are homing in on financial institutions, turning their persistent threats into persistent vulnerabilities in 2023.

Business and Small Enterprise Security

  • 78% of cybercriminals prefer targeting small and medium enterprises because of weaker security postures
  • Small businesses experience a 22% higher rate of account takeover attacks compared to large organizations, due to weaker security infrastructure

Business and Small Enterprise Security Interpretation

With 78% of cybercriminals eyeing small and medium enterprises due to their weaker defenses, it's clear that small businesses face a 22% higher risk of account takeover attacks—proving that in cybersecurity, size isn't always a safeguard.

Costs and Impact of Cybercrime

  • The estimated global cost of account takeover fraud was $11.4 billion in 2022
  • In 2023, the average loss per account takeover incident was approximately $240, with financial institutions bearing the brunt
  • Cyber insurance claims related to account takeover fraud increased by 40% in 2023, reflecting rising financial impacts
  • The average time between an account takeover and detection is 6 months, allowing fraud to cause significant financial damage
  • The average financial loss per account takeover attack on small businesses is approximately $15,000, underlining high financial risks

Costs and Impact of Cybercrime Interpretation

With account takeover fraud costing a staggering $11.4 billion in 2022 and taking an average of six months to detect—allowing breaches to mushroom into devastating losses—financial institutions and small businesses alike must buckle up and tighten their digital defenses before it's too late.

Cybersecurity Threats and Attacks

  • The average time to detect an account takeover attack is 170 days
  • 45% of consumers reuse passwords across multiple accounts, increasing the risk of account takeover
  • The success rate of credential stuffing attacks, often leading to account takeovers, is approximately 0.1%
  • 54% of consumers are concerned about their account security online, yet only 33% regularly update their passwords
  • Organizations that implement multi-factor authentication (MFA) see a 75% reduction in account takeover success rate
  • Over 80% of consumers are unaware of the methods criminals use for account takeover, indicating a gap in cybersecurity awareness
  • Attempted account takeover attacks are highly concentrated, with 10% of attack sources responsible for over 50% of breaches
  • The use of VPNs and proxy servers by attackers to mask IP addresses during account takeover attacks increased by 30% in 2023
  • Cybercriminals utilize automated tools in over 85% of account takeover attacks to expedite credential testing
  • 40% of account takeover hacks involve the use of malicious bots to automate login attempts
  • The fastest-growing method of account takeover involves exploiting insecure API endpoints, increasing by 70% in 2023
  • 35% of compromised accounts in 2023 involved social engineering tactics such as pretexting and impersonation
  • The number of new malware variants designed to facilitate account takeover increased by 55% in 2023, making detection more challenging
  • Over 60% of account breaches are due to vulnerabilities in third-party integrations and APIs, emphasizing supply chain risks
  • 90% of large-scale credential stuffing attacks in 2023 employed botnets to automate login attempts, highlighting the automation trend
  • The frequency of automated attack scripts used for account takeover increased by 80% in 2023, emphasizing automation’s role in cybercrime
  • 32% of all online accounts are vulnerable to phishing-based hijacking due to poor security practices, highlighting the need for awareness
  • Nearly 80% of account takeover frauds in 2023 involved some form of social engineering attack, primarily targeting user trust
  • Malware-laden emails remain a common entry vector, with 60% of account takeover-related malicious emails containing variants of malware
  • Cybercriminals exploited vulnerabilities in third-party security tools in over 55% of recent account takeover incidents, highlighting the importance of supply chain security

Cybersecurity Threats and Attacks Interpretation

Account takeover attacks lurk for an astonishing 170 days before detection, and although 54% of consumers worry about their security, only a third proactively change their passwords. Meanwhile, cybercriminals leverage automation (botnets, malware, and API exploits), making the battle against breaches a high-stakes chess game in which organizations that adopt multi-factor authentication and improve third-party defenses are winning, albeit slowly.

Fraud

  • Approximately 25% of all customer complaints about account issues are related to fraudulent activity, indicating a significant prevalence
  • The use of machine learning models for fraud detection improved attack detection accuracy by 70% in the first half of 2023

Fraud Interpretation

With a quarter of customer complaints stemming from fraud, and machine learning boosting detection accuracy by 70%, it's clear that while AI is winning the fight against account takeovers, the battle for consumer trust is far from over.
