GITNUX MARKETDATA REPORT 2024

Must-Know Account Takeover Statistics [Latest Report]

Highlights: The Most Important Account Takeover Statistics

  • Financial services firms witnessed 72% of all account takeover attacks in 2020.
  • In Q2 2021, account takeover incidents increased by 282% compared to the previous year.
  • In 2020, e-commerce companies took an average of 250 hours to recover from account takeovers.
  • In 2021, account takeovers were responsible for 20% of data breaches in the U.S.
  • Account takeovers cost consumers and businesses over $5.1 billion in 2019.
  • In 2018, business email compromise (BEC) and account takeovers accounted for 48% of all fraud-related financial losses.
  • 75% of all “credential stuffing” attacks are primary drivers of account takeovers.
  • Mobile account takeover attacks increased by more than 200% in 2020.
  • Account takeover fraud is expected to grow to $16.8 billion globally by 2025.
  • More than 50% of websites have suffered from an account takeover attack in the past year.
  • In 2020, organizations experienced an average of 3 account takeover attempts per month.
  • Over 69% of surveyed financial institutions saw an increase in account takeovers since the start of the COVID-19 pandemic.
  • In 2019, 63% of account takeovers originated from phishing attacks targeted at middle market companies.
  • In the first half of 2020, there were 1,500 reported account takeover cases in the UK financial services industry.


Account takeover fraud is escalating. CyberNews reported a 250% surge in 2020. Financial firms saw 72% of these attacks, with a 282% rise in Q2 2021. E-commerce companies needed 250 hours on average for recovery, while half of organizations faced brute force attacks. In 2021, 20% of data breaches were due to account takeovers, and account takeovers cost over $5.1 billion in 2019. Business email compromise (BEC) made up 48% of fraud losses, with mobile takeovers increasing over 200%.

Phishing led to significant losses, with 1,500 cases reported in the UK financial sector since January 2020, costing US citizens $1 billion last year. Strengthening security against phishing and using multi-factor authentication are key preventive steps. Let’s delve into the critical statistics about account takeover fraud.

The Most Important Statistics

Financial services firms witnessed 72% of all account takeover attacks in 2020.

This statistic is a stark reminder of the prevalence of account takeover attacks in the financial services sector. It highlights the need for financial services firms to take proactive steps to protect their customers from these malicious attacks. It also serves as a warning to other industries that account takeover attacks are a real threat and should not be taken lightly.

In Q2 2021, account takeover incidents increased by 282% compared to the previous year.

This statistic is a stark reminder of the growing threat of account takeover incidents. It highlights the need for organizations to take proactive steps to protect their customers and their data from malicious actors. The 282% increase in incidents over the previous year is a clear indication that account takeover is a serious problem that needs to be addressed.

Account Takeover Statistics Overview

In 2020, e-commerce companies took an average of 250 hours to recover from account takeovers.

This statistic is a stark reminder of the amount of time and resources that e-commerce companies must dedicate to recovering from account takeovers. It highlights the importance of having robust security measures in place to protect customer accounts and the need for companies to be prepared to respond quickly and effectively to any account takeover attempts.

In 2021, account takeovers were responsible for 20% of data breaches in the U.S.

This statistic is a stark reminder of the prevalence of account takeovers in the U.S., and how they are a major contributor to data breaches. It highlights the importance of taking steps to protect accounts from takeover attempts, and the need for organizations to be aware of the risks posed by account takeovers.

Account takeovers cost consumers and businesses over $5.1 billion in 2019.

This statistic is a stark reminder of the immense financial burden account takeovers have placed on consumers and businesses alike. It serves as a powerful illustration of the need for increased security measures to protect against these costly attacks.

In 2018, business email compromise (BEC) and account takeovers accounted for 48% of all fraud-related financial losses.

This statistic is a stark reminder of the devastating effects of account takeovers. It highlights the fact that BEC and account takeovers are responsible for almost half of all fraud-related financial losses, making them one of the most significant threats to businesses today. It is a call to action for businesses to take the necessary steps to protect themselves from these types of attacks.

75% of all “credential stuffing” attacks are primary drivers of account takeovers.

This statistic is a stark reminder of the prevalence of credential stuffing attacks as a primary cause of account takeovers. It highlights the importance of taking proactive steps to protect accounts from these malicious activities, as they are responsible for the majority of account takeovers.

Mobile account takeover attacks increased by more than 200% in 2020.

This statistic is a stark reminder of the growing threat of mobile account takeover attacks in 2020. It highlights the need for organizations to take proactive steps to protect their customers’ accounts from malicious actors. By understanding the magnitude of this issue, organizations can better equip themselves to combat the rising tide of account takeover attacks.

Account takeover fraud is expected to grow to $16.8 billion globally by 2025.

This statistic is a stark reminder of the growing threat of account takeover fraud. With the projected growth of $16.8 billion globally by 2025, it is clear that this type of fraud is becoming increasingly prevalent and is something that needs to be taken seriously. It is essential that businesses and individuals alike take the necessary steps to protect themselves from this type of fraud.

More than 50% of websites have suffered from an account takeover attack in the past year.

This statistic is a stark reminder of the prevalence of account takeover attacks in the modern digital landscape. It serves as a warning to website owners that they must take the necessary steps to protect their accounts from malicious actors. It also highlights the importance of staying up-to-date with the latest security measures and best practices to ensure that their accounts remain secure.

In 2020, organizations experienced an average of 3 account takeover attempts per month.

This statistic is a stark reminder of the prevalence of account takeover attempts in 2020. It highlights the need for organizations to remain vigilant and take proactive steps to protect their accounts from malicious actors. By understanding the average number of attempts, organizations can better prepare themselves to detect and respond to these threats.

Over 69% of surveyed financial institutions saw an increase in account takeovers since the start of the COVID-19 pandemic.

This statistic is a stark reminder of the reality that account takeovers have become increasingly prevalent since the onset of the COVID-19 pandemic. It serves as a warning to financial institutions and consumers alike that they must remain vigilant in protecting their accounts from malicious actors. The statistic also highlights the need for financial institutions to invest in more robust security measures to protect their customers’ accounts.

In 2019, 63% of account takeovers originated from phishing attacks targeted at middle market companies.

This statistic is a stark reminder of the prevalence of phishing attacks targeting middle market companies. It highlights the need for organizations of all sizes to be vigilant in their security measures and to take proactive steps to protect their accounts from malicious actors. It also serves as a warning to middle market companies to be especially aware of the risks posed by phishing attacks and to take the necessary steps to protect their accounts.

In the first half of 2020, there were 1,500 reported account takeover cases in the UK financial services industry.

This statistic is a stark reminder of the prevalence of account takeover cases in the UK financial services industry. It highlights the need for increased vigilance and security measures to protect customers from this type of fraud. It also serves as a warning to financial institutions to take proactive steps to protect their customers from account takeover. This statistic is a powerful reminder of the importance of staying informed and taking the necessary steps to protect yourself from account takeover.

Conclusion

Account takeovers are a growing problem for businesses and consumers alike. The statistics show that account takeover fraud surged by 250% year-over-year in 2020, with financial services firms witnessing 72% of all attacks. In Q2 2021, incidents increased by 282%, while e-commerce companies took an average of 250 hours to recover from them. Brute force techniques were responsible for 1 in 2 organizations facing account takeovers last year, and account takeovers accounted for 20% of data breaches in the U.S., costing over $5 billion globally in 2019 alone. BEC and ATOs also made up 48% of all fraud losses that same year, increasing 330% across European markets since then and by more than 200% on mobile devices during 2020. Other figures: 75% due to credential stuffing attempts; 19% linked to phishing emails sent out throughout the previous 12 months; 63% targeted at middle market companies this time two years ago; 80% seeing fraudulent transactions within minutes or hours after being taken over; and 1,500 reported cases only halfway through last year in Britain’s finance sector. All these figures point towards one thing: account takeover fraud is becoming increasingly dangerous and insidious, something we must be aware of if we want to keep our accounts safe from malicious actors looking to exploit us financially or otherwise.


FAQs

What is account takeover (ATO) and how does it occur?

Account takeover is a form of fraud or cybercrime where an attacker gains unauthorized access to a victim's online account, often by exploiting compromised login credentials. This can happen through practices like phishing attacks, data breaches, or the use of malware to collect user information.

What are the common consequences of account takeovers for individuals and businesses?

Consequences of account takeovers can include unauthorized financial transactions, identity theft, stolen sensitive data, damage to personal or business reputation, loss of customer trust, and financial losses due to fraud or recovery efforts.

Can you mention some common techniques used by cybercriminals to execute account takeover attacks?

Common techniques include phishing (fraudulent emails or messages), credential stuffing (using stolen credentials on multiple websites), social engineering (manipulating the user into revealing information), brute force attacks (attempting numerous possible password combinations), and keylogging (using malware to track keystrokes).

What preventive measures can individuals and businesses take to minimize the risk of account takeover attacks?

Preventive measures include using strong and unique passwords, enabling multi-factor authentication (MFA), monitoring account activity for suspicious actions or login attempts, regularly updating software and security systems, employing anti-malware and anti-virus software, and educating users about potential threats and safe online practices.

How can organizations identify and respond to account takeover attacks more effectively?

Organizations can enhance their account takeover detection and response through continuous monitoring of user behavior and login patterns, leveraging advanced analytics and machine learning algorithms to identify anomalies, using IP reputation and geo-location data to detect suspicious login attempts, and having a well-defined incident response plan that outlines the necessary steps to mitigate the impact and prevent future occurrences.
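One way to monitor login patterns as described above, shown as an added example that is not part of the original report: it separates credential stuffing (one source failing against many accounts) from brute force (many guesses at one account) and lists accounts that logged in successfully during a flagged burst. The event tuple layout, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (epoch_seconds, source_ip, username, success)
EVENTS = (
    [(1000 + i, "203.0.113.7", f"user{i}", i == 17) for i in range(20)]
    + [(2000 + i, "198.51.100.9", "alice", False) for i in range(12)]
    + [(3000, "192.0.2.10", "bob", False), (3005, "192.0.2.10", "bob", True)]
)

# Assumed thresholds; tune against your own baseline of normal login failures.
WINDOW_SECONDS = 300
MIN_FAILURES = 10
MIN_DISTINCT_USERS = 10


def classify_sources(events):
    """Map source IP -> {"kind", "compromised"} for sources over threshold."""
    by_ip = defaultdict(list)
    for event in sorted(events):
        by_ip[event[1]].append(event)

    findings = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Slide the window so it spans at most WINDOW_SECONDS.
            while evs[end][0] - evs[start][0] > WINDOW_SECONDS:
                start += 1
            window = evs[start:end + 1]
            failed_users = [user for _, _, user, ok in window if not ok]
            if len(failed_users) < MIN_FAILURES:
                continue
            # Many accounts from one source: stuffing. One account: brute force.
            stuffing = len(set(failed_users)) >= MIN_DISTINCT_USERS
            finding = findings.setdefault(
                ip, {"kind": "brute_force", "compromised": set()})
            if stuffing:
                finding["kind"] = "credential_stuffing"
            # A success inside a flagged window is a likely takeover.
            finding["compromised"].update(
                user for _, _, user, ok in window if ok)
    return findings


if __name__ == "__main__":
    for ip, finding in classify_sources(EVENTS).items():
        print(ip, finding["kind"], sorted(finding["compromised"]))
```

Accounts returned in `compromised` are the ones to route into the incident response plan first, for example forced password reset and session revocation.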

How we write our statistic reports:

We have not conducted any studies ourselves. Our article provides a summary of all the statistics and studies available at the time of writing. We are solely presenting a summary, not expressing our own opinion. We have collected all statistics within our internal database. In some cases, we use Artificial Intelligence for formulating the statistics. The articles are updated regularly.
