HUMAN BLOG

Publishers Under Attack: The Black Market Boom in Fake Accounts and Stolen Subscriptions

Adam Sell

July 28, 2025

Account Takeover, Research & Detection, Web Scraping

In addition to the engaging narratives and premium content publishers provide to subscribers and readers, these platforms host a wide variety of other information of potential interest to a threat actor: stored payment methods, personal information, loyalty program benefits, and, naturally, the content itself.

This breadth of opportunity for fraud has incentivized threat actors to target publishers at levels unseen before by the Human Defense Platform. HUMAN’s recent Quadrillion Report: 2025 Cyberthreat Benchmarks uncovered shifts in threat activity, suggesting that fraudsters are getting “creative” with their approaches and finding ways to monetize a single successful attack more than once.

Shifting Threat Trends Targeting Publishers

In 2024, threats targeting publishers increased across the board:

  • Of all attempted account takeover (ATO) attacks seen by the Human Defense Platform, publishers accounted for 27%, up from the previous year. (Though it’s worth noting that in 2022, the rate of attempted ATO attacks was a whopping 56%, suggesting that threat actors shift their tactics and targets frequently.)
  • While the rate of attempted carding attacks on publishers is relatively low, it’s climbing: the rate jumped more than 278% from the previous year.
  • Possibly the most concerning rate, however, is the consistent growth of attempted scraping attacks on publishers. That rate has more than doubled in the past three years, reaching 16% of all observed scraping activity in 2024. 

Scraping is particularly concerning for ad-supported publishers. Stolen content can feed made-for-advertising (MFA) websites, which divert advertising revenue by mimicking legitimate content environments, hurting both monetization and brand value, a threat model we explored recently.

Additionally, the Human Defense Platform flagged more than 800,000 fake accounts per HUMAN customer, an increase of 360% from the previous year.

How Cyber Fraud on Publishers Works

What’s important to know about a lot of cyber fraud is that an attack often isn’t just about the first thing a threat actor can do following a successful attack; it’s about the second, third, and fourth things they can do. Attacks are expensive to design and carry out, and attackers want to maximize the return on the time and effort they spend. (Return on Attack, or ROA, it’s called.)

In a recent webinar, HUMAN researchers described a variety of downstream attacks threat actors perpetrate. A fraudster can use a hacked account to purchase an item for a third party in a “Buy-For-You” attack. Or threat actors can spread malware using hacked email accounts or the direct message function of hacked accounts on platforms that support it.

Within the publisher space, a hacked account can be used to access gated content, have payment card and login information harvested for future attacks, and provide an “aged” account from which a threat actor can offer misinformation-as-a-service.

What Accounts Are Worth to a Fraudster

The webinar referenced above also spoke of the value of hacked accounts on the dark web, and how that price point serves as a key lagging indicator of a business’ security posture. It’s economics 101: if it gets harder for a fraudster to acquire hacked accounts to resell, the price goes up. And the inverse is true: if there are more accounts available, the price will go down.

Here are some price points for publisher accounts on one dark web marketplace:

Publisher Type             Account Price – Low    Account Price – High
Streaming Service          $0.59                  $200*
Daily Newspaper            $4                     $21.99
Education Platform         $0.01                  $59.99
Financial News Platform    $2                     $43
Social Media Platform      $1                     $10

* The high price point from this particular threat actor is because the accounts sold come with a lifetime warranty.

These accounts may be hacked or fake; their premium access brute-forced, stolen, or enriched by the threat actor; and they may be fresh or aged. All of these variables play a part in how much a threat actor can charge for an account.

Audience Data Theft Hurts More Than Privacy, It Hurts Revenue

“Damaged reputation” is one of the most common effects of a cyberattack, regardless of the target. Getting customers to return and getting them to trust after their data has been compromised is a long, uphill battle for most attacked organizations. The challenge is that publishers don’t just monetize content: they monetize audiences. First-party data, behavioral segmentation, and subscription profiles are the backbone of premium inventory and direct-sold campaigns.

This compounding effect means not only are the users who had accounts on an attacked publisher going to be reluctant to return out of well-founded concerns about their data, but the advertiser community will be reluctant to return as well, and for multiple reasons. When fake accounts are created, real accounts are compromised, or user behavior is scraped and resold, it corrupts the very data advertisers are paying for. Segments become noisy, retargeting becomes unreliable, and the performance advertisers expect simply doesn’t materialize.

That loss of trust has a ripple effect: advertisers lose confidence in the quality of the publisher’s audience, CPMs can drop, and targeting value erodes. Fake accounts will never convert to customers, and hacked accounts may not be in the hands of the people the advertisers want to reach.

It’s a double-whammy of negative business impacts based on one attack.

The Business Impact: Monetization, Trust, and Strategic Risk

Fake and hijacked accounts don’t just create security problems, they compromise publishers’ business models. From CPM erosion caused by scraped content to subscription revenue losses to advertiser exodus, the financial incentives for attackers map directly to publishers’ most valuable assets.

The most effective defense begins with monitoring the entire account lifecycle: account creation, login behavior, and post-login activity. Sophisticated fraud tactics can emerge at any stage. The Human Defense Platform helps detect, disrupt, and devalue attacker activity before it harms your users or your business.

Protecting the Content and Customers That Power Publishers’ Business

Cybercriminals are scaling up, and they’re increasingly targeting the content, users, and systems that publishers rely on. Every fake account is a point of entry. Every scraped article, a monetization siphon.

HUMAN protects some of the world’s largest publishers by spotting fake account creation, detecting scraping activity, and identifying signs of credential stuffing or fraud. We help secure publisher content, customers, and bottom lines.

Talk with a Human today about how to protect your customers’ accounts.
