Published: June 11, 2024
Reading time: 4 minute read
Written by: Doriel Abrahams

Account takeover never goes away. In fact, 70% of security leaders today view account takeover attacks as the greatest concern to their organizations. That’s more related to cybersecurity concerns than to fraud prevention, but the industry has repeatedly seen that compromised account details are often used for more than one purpose. When ATO is a problem in one area, it’s likely a sign that you must also guard against it elsewhere. 

Interestingly, as my recent research shows, how much ATO you’re likely to see against your business as a fraud fighter may depend on your industry and the time of year. This is particularly stark when looking at travel and physical goods.

Time to Attack Travel

When I started breaking down ATO by industry to look at the patterns, I didn’t really know what to expect, and I was surprised to see travel jump out at me so obviously. As you can see in this graph, fraudsters love to attack travel sites in the spring — there’s that spike around May, almost a 3x increase — and in time for the holiday season at the end of the year, where the risk is roughly doubled. 


I’m not saying that ATO attacks will disappear in the travel industry during the rest of the year because that’s definitely not the case. What is clear, though, is that fraudsters are sensitive to this industry’s seasonality, and it impacts their preferred attack type and time.

This is connected to the research I referenced a little while ago into the last-minute challenge that hospitality and travel companies face: that last-minute bookings are up to five times more dangerous than bookings for at least one week into the future. Given that, fraudsters are bound to want to exploit accounts most during the times of year when people are most likely to be traveling or planning to travel soon. 

During the busy seasons, customers are likely to log into accounts they might not have touched in a while because these are accounts that people only use when they’re planning a trip. That makes it even more difficult for fraud fighters to detect the difference between a returning user and ATO, especially since there’s an uptick in both customer interest and ATO. 

Physical Goods ATO Spikes

It’s a different story in physical goods, but the graph is just as interesting. As you can see, the most noticeable spike is around February, just after the start of the year. 

This stumped me until I remembered that accounts with loyalty programs attached are four to five times more likely to be targeted for fraud attacks than accounts not connected to a loyalty program.

It makes more sense in that context. Fraudsters know that many customers build up loyalty points over the holiday period because they’re shopping more for themselves or for gifts and perhaps benefit from seasonal offers. At the same time, many consumers receive gift cards as presents from friends and family during the holiday season.

So February is a great time for ATO — it’s when accounts are most likely to be all filled up and ready to go with goodies an unscrupulous actor can exploit — and fraudsters are, let’s face it, unscrupulous practically by definition. 

One ATO Size Doesn’t Fit All

The specifics I uncovered within travel and physical goods were interesting, and I hope you find them useful. I also always enjoy getting time to dig into data patterns that might otherwise go unnoticed in the busy flow of daily routine. But what really struck me, once I had time to think about the results, is how important it is to remember that fraud is not a one-size-fits-all thing — and that fraud prevention can’t be, either.

  • Assume they know. Fraudsters are sensitive to the factors that make your industry unique, and they’ll leverage their knowledge to make life harder for fraud fighters. 
  • Be proactive. Fraud prevention needs to anticipate this by tailoring the system’s sensitivity and risk appetite depending on the time of year, live offers or deals, products being promoted, etc. You can’t set rules based on today’s reality and walk away.
  • Accounts are valuable. Emphasis on checkout used to be paramount, but now account-level protection is essential, as well. Loyalty points, access to customer data, and fraudsters’ increased willingness to visit an account multiple times before trying to monetize it all means that sheer access to your online accounts is valuable and needs protection.
  • Take time for research. There’s always something urgent happening in a fraud prevention department, which can easily overwhelm the knowledge that you need to take regular occasions to step back and review the larger patterns of your data. Make these research periods part of your department’s annual plan, and stick to them. You can incentivize it by making a report or presentation to other departments about the results of a KPI if that helps.
  • ATO never goes away. There are a lot of fascinating new attack types that I’m watching, from the use of generative AI to the new sophistication and use of deep fakes. Fraudsters are interested in new technologies and experimenting with ways they can be used to make theft easier, faster and more lucrative. At the same time, fraud fighters can’t afford to take their eye off the ATO ball. Fraudsters aren’t slacking off on the tried and true attack methods, and as long as they still work, they probably never will.

How does ATO ebb and flow in your industry? I’d love to hear about your experiences, so feel free to reach out on LinkedIn. 

Doriel Abrahams is the Principal Technologist at Forter, where he monitors emerging trends in the fight against fraudsters, including new fraud rings, attacker MOs, rising technologies, etc. His mission is to provide digital commerce leaders with the latest risk intel so they can adapt and get ahead of what’s to come.

4 minute read