"Rapid Growth of Password Reset Attacks Boosts Fraud and Account Takeovers"
According to security researchers at LexisNexis Risk Solutions, as many as one in four password reset attempts from desktop browsers are fraud. The researchers found that there are 70,000 password reset attacks in the UK every week, with fraudsters aiming to take over individuals’ online accounts. This includes changing users’ passwords and phone numbers and locking them out of services. These “detail change” attacks rose by 232% in 2023. Criminal hackers then use the personal information from accounts for further fraud. The researchers noted that media streaming, e-commerce, and mobile services are the most commonly targeted accounts. The researchers said that the number of password reset attacks has increased four-fold over the last year. The researchers believe that the increasing use of bots is driving the rise, with bot-based password reset attacks up 1680%. The researchers noted that desktop computer users appear more at risk of password reset attacks.