Report: Account Takeover Attacks Grew Over 800% against Fintech and Almost 500% Against Food & Beverage Sectors, Sift Data Shows

Sift’s Q3 2023 Digital Trust & Safety Index reveals rise in ATO-as-a-Service and social media fraud influencers putting merchants at greater risk

SAN FRANCISCO, Sept. 26, 2023 (GLOBE NEWSWIRE) -- Sift, the leader in Digital Trust & Safety, today released its Q3 2023 Digital Trust & Safety Index, which found that account takeover (ATO) attacks jumped a staggering 354% year-over-year in Q2 2023 across Sift’s global network. Fintech and food & beverage categories experienced especially large increases: ATO spiked 808% YoY across fintech, pummeling loyalty sites and crypto, and opening the gate to downstream payment fraud, while the food & beverage industry saw a 485% increase in ATO.

Consumer sentiment echoes these findings: nearly one-fifth (18%) of those surveyed by Sift have experienced account takeover attacks, with 62% of those taking place in the past year. Over 34% of victims were defrauded two or more times, typically while using sites or apps for digital subscriptions, online shopping, and financial services.

The ever-evolving nature of tools like generative AI mean businesses in every region and vertical are facing faster, costlier attacks, and losing ground when it comes to accurately detecting abuse. At the same time, the global Fraud Economy has produced the tactics and tools necessary to target industries where growth is rapid and investment in security is high—like financial services. As a result of these compounding factors, predictions point to billions in fraud losses by the end of 2023, with over $635B related to ATO attacks.

As part of its research into these tactics and tools, Sift’s Trust and Safety Architects are also tracking the phenomenon of openly advertised calls-to-abuse, which they refer to as “the democratization of fraud”—a growing accessibility to illicit tools and services that allows anyone with internet access to participate in fraud. The rise in ATO is closely tied to this trend: 24% of consumers surveyed by Sift report having seen offers to participate in account takeover schemes online.

Sift experts have observed that fraudsters are increasingly moving off of the dark web, instead operating in broad daylight and using major social platforms to actively recruit new bad actors—before moving them off-platform to messaging apps where they can market stolen credentials or fraud-as-a-service schemes. Sift Trust and Safety Architects have been closely following several social media accounts of known fraudsters who are using TikTok and Instagram to market their fraud offerings and show off their bounty from successful attacks, then funneling interested users to Telegram where they’re able to buy stolen credentials.

“2023 has been the year of the account takeover,” said Kevin Lee, Vice President of Trust and Safety at Sift. “We’ve seen a perfect storm of factors, from AI-fueled social engineering, the availability of fraud-as-a-service tools, and fraud influencers democratizing access to stolen accounts, leading to an ATO explosion. And while fraudsters are leveraging the most innovative tools and techniques available to steal from businesses and consumers, those businesses need to take advantage of technologies like machine learning and automation to defend against digital risk.”

To read Sift’s Q3 Digital Trust & Safety Index, please click here.

About Sift
Sift is the leader in Digital Trust & Safety, empowering digital disruptors to Fortune 500 companies to unlock new revenue without risk. Sift dynamically prevents fraud and abuse through industry-leading technology and expertise, an unrivaled global data network of one trillion (1T) events per year, and a commitment to long-term customer partnerships. Global brands such as DoorDash, Twitter/X, and Poshmark rely on Sift to gain a competitive advantage in their markets. Visit us at, and follow us on LinkedIn.

Media Contact:
Victor White
Senior Director of Corporate Communications, Sift