3 common ATO attacks—and how to stop them

By Sift Product Team

April 12, 2022. Updated May 24, 2023

Legacy account security—e.g., passwords and usernames—is nearing the end of its usefulness as a means to protect against account takeover (ATO) fraud. In fact, ATO is growing exponentially. Accelerated by the global pandemic, more consumers are relying on online services rather than brick-and-mortar stores—leading to a reliance on digital accounts and the need to protect those accounts from cybercriminals who want to steal stored value, payment information, demographics, and personally identifiable information (PII).

Successful online businesses need a multi-pronged, layered approach that addresses every step of the user journey, authenticates users, secures accounts, and stops ATO while also future-proofing against the more aggressive fraud attacks emerging every day.

Each layer can be viewed as a tool among many to protect various points of the user journey. In this article, we’ll go over some of the common attack methods Sift customers face and how to combat them.

Stolen login credential attacks

We’ve all experienced it: you get an email or text notification about suspicious login activity on one of your accounts—and it definitely wasn’t you trying to access the site or app. It’s a quick way to ruin a day, and it happens all too often. Somewhere along the line, a fraudster gained access to your account credentials (whether that’s through the dark web, phishing, or some other means). Fortunately, it’s much less common for nefarious actors to gain control over your device. 

With this in mind, a common way to protect users and detect account takeover attempts is to analyze the device being used to log in. With Sift, you can use Device Fingerprinting to uniquely identify the device a visitor is using to interact with your site, determine whether you’ve flagged that device as being associated with fraudulent behavior in the past, and prevent that visitor from using your site in the future.

To learn how to implement Sift Device Fingerprinting, read our integration guide.

In addition to analyzing the device, it’s also important to analyze the connecting IP address to determine if this is an IP the customer has used in the past. This can be determined using the Sift Console. A login using an unfamiliar device but a familiar and commonly used IP address may be a signal that the legitimate user has a different or new device. If both the device and IP address are unfamiliar, this indicates a higher-risk login event.
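The device-and-IP reasoning above, as an added example (not Sift's code or API): a per-user history of trusted logins assigns a risk tier to each new attempt. The class name, tier labels, the "commonly used" threshold, the handling of a known device on a new IP, and the sample values are all assumptions made for illustration.

```python
# Added illustration; names, tiers and threshold are assumptions, not Sift's API.
COMMON_IP_MIN_LOGINS = 3  # trusted logins before an IP counts as "commonly used"


class LoginHistory:
    """Per-user devices and IPs seen on logins the site already trusts."""

    def __init__(self):
        self.devices = {}    # user -> set of device fingerprints
        self.ip_counts = {}  # user -> {ip: number of trusted logins}

    def record_trusted(self, user, device_id, ip):
        # Record only logins that passed verification, so a device or IP
        # used in a takeover attempt never becomes "familiar".
        self.devices.setdefault(user, set()).add(device_id)
        counts = self.ip_counts.setdefault(user, {})
        counts[ip] = counts.get(ip, 0) + 1

    def assess(self, user, device_id, ip):
        """Risk tier for a login attempt, judged before it is recorded."""
        known_device = device_id in self.devices.get(user, set())
        common_ip = self.ip_counts.get(user, {}).get(ip, 0) >= COMMON_IP_MIN_LOGINS
        if known_device and common_ip:
            return "low"
        if common_ip:
            return "medium"  # new device on a familiar IP: likely the real user
        if known_device:
            return "medium"  # assumption: the article does not rank this case
        return "high"        # device and IP both unfamiliar


def demo():
    """Constructed history and attempts (documentation-range IPs)."""
    h = LoginHistory()
    for _ in range(3):
        h.record_trusted("alice", "fp-laptop", "198.51.100.7")
    return [
        h.assess("alice", "fp-laptop", "198.51.100.7"),
        h.assess("alice", "fp-phone", "198.51.100.7"),
        h.assess("alice", "fp-unknown", "203.0.113.50"),
    ]
```

A "medium" or "high" tier is a natural trigger for step-up verification rather than an outright block, since the attempt may still be the legitimate user.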

Credential stuffing attacks

Credential stuffing is a form of stolen login credential attack that is automated with scripts and/or bots. Fraudsters use these automated tools to test large lists of stolen login credentials for popular websites. Because the attack is automated, the speed at which the stolen credentials are tested is an indicator that an ATO attempt is in progress.
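The speed signal described above, as an added example (not Sift's model or code): a sliding-window check over login events that flags a source when failed logins arrive quickly and across many different accounts. The log format, thresholds, function names and sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumption: look-back window
MAX_FAILURES = 5                # assumption: failed logins tolerated per window
MAX_USERNAMES = 3               # assumption: distinct accounts tolerated per window


def parse(line):
    """Parse 'ISO-timestamp source-IP username OK|FAIL' (constructed format)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "FAIL"


def detect_stuffing(lines):
    """Return {ip: time of first alert} for sources whose failure rate and
    username spread inside WINDOW look automated, not like one forgetful user."""
    recent = defaultdict(deque)  # ip -> (timestamp, username) of recent failures
    alerts = {}
    for ts, ip, user, failed in sorted(map(parse, lines)):
        if not failed:
            continue
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > WINDOW:  # drop failures older than the window
            q.popleft()
        usernames = {u for _, u in q}
        if len(q) > MAX_FAILURES and len(usernames) > MAX_USERNAMES:
            alerts.setdefault(ip, ts)
    return alerts


# Constructed sample: one source cycling through accounts once per second,
# and one user mistyping their own password six times before succeeding.
SAMPLE_LOG = (
    [f"2023-05-24T10:00:{s:02d} 203.0.113.9 user{s} FAIL" for s in range(8)]
    + [f"2023-05-24T10:00:{s * 5:02d} 198.51.100.20 bob FAIL" for s in range(6)]
    + ["2023-05-24T10:00:40 198.51.100.20 bob OK"]
)
```

The thresholds are illustrative and need tuning against your own baseline of failed logins per source.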

Sift’s industry-leading, custom ATO machine learning model detects real-time risk at the point of login using over 100 signals, and can alert trust and safety teams of suspicious failed login attempts and potential bot-based attacks.

Social engineering and phishing

Ninety-eight percent of cybercrime involves social engineering, with attacks becoming increasingly complex. In many social engineering attacks, the victim is convinced to reveal important PII to a fraudster or complete an action that gives a fraudster access to an account.

Protecting accounts against these types of complex attacks requires access to, and analysis of, real-time data at multiple touchpoints. Dynamic Friction can play a critical role here, guiding users along whatever experience is appropriate for them on your site, and preventing cybercriminals from successfully mimicking trustworthy customers.

Learn how to simplify account security and accelerate growth with Sift Account Defense.
