Security News > 2021 > September > Innovative Proxy Phantom ATO Fraud Ring Haunts eCommerce Accounts
A sophisticated fraud ring, dubbed Proxy Phantom, has pushed the boundaries of credential-stuffing attacks with a dynamic account takeover technique that was flooding eCommerce merchants in the third quarter.
What really set the Proxy Phantom attacks apart was the use of dynamically generated IP addresses from which it launched the campaigns.
"By leveraging automation for both credential and IP address rotation, this ring exhibited a major evolution of the classic blitz ATO attack."
ATO attacks in this vertical skyrocketed a staggering 850 percent between Q2 2020 and Q2 2021, "Mainly driven by a concentration on crypto exchanges and digital wallets, where fraudsters would likely try to liquidate accounts or make illicit purchases," Sift found.
Nearly half of consumers surveyed as part of the report feel most at risk of ATO on financial services sites compared with other industries, with a full quarter of ATO victims noting their compromises came via financial services sites.
Almost half of ATO victims have had their accounts compromised between two and five times.
News URL
https://threatpost.com/proxy-phantom-fraud-ecommerce-accounts/175241/