According to a recent survey, more than one-third of merchants have seen at least 10 percent of their user accounts taken over in the past year while more than one-quarter of merchants have no measures in place to protect against account takeover. Meanwhile, less than 8 percent of consumers were notified about account takeover incidents by the merchant custodian of their compromised account.
There’s a good reason why web administrator credentials sell for over $3,000 on fraudsters forums: because they are highly valuable to fraudsters. It’s imperative for merchants and any organization with an online presence to keep theirs safe, and now more so than ever as fraudsters have found clever ways to hide credential stealing malware to compromise customer and website user data.
Once fraudsters takeover a website, here are some of the things they can do: