Account takeover (ATO) is a form of online identity theft where a third party illegally accesses a victim’s online account to turn a profit by changing account details, making purchases, and leveraging the stolen information to access other accounts.
ATOs are among the most significant cybersecurity threats to both businesses and consumers, costing an estimated USD 4 billion in 2018.
Recognising the types of account takeovers
Successful ATOs targeting banking, e-commerce, travel, insurance, and retail industries have increased in recent years. These typically fall under one of four common ATO fraud scenarios:
Credential cracking: This occurs when a bad actor obtains a victim’s username or email address. This is fairly easy to obtain because people often use their email address in multiple places and frequently reuse the same username on multiple websites. To get into the account, a malicious hacker then uses bots to automatically try the most commonly used passwords and common phrases until one succeeds.
Credential stuffing: This is one of the most common attacks and it’s currently on the rise. In this scenario, bad actors gain access to a large number of stolen usernames and passwords. Then they use a bot attack to automate the process of trying out these stolen credentials by “stuffing” them into multiple websites—this is often successful because many people use the same username and password for various sites. Once they gain access, the criminal will then make purchases, use loyalty points, and/or transfer funds to other accounts.
Password spray: Unlike credential cracking and credential stuffing, which target known users and their passwords, this method focuses on unknown users in an effort to circumvent common ATO prevention measures. Here, a bad actor targets select websites by using a bot attack to make login attempts against many common or known usernames with a small set of common passwords like “password123” or “123456.” If a login fails, they move on to another account name rather than retrying the same one, because accounts typically lock after three to five failed attempts.
SIM swap attack: This occurs when malicious hackers use social engineering techniques to take advantage of a legitimate service to swap out a user’s SIM card. By taking over a victim’s phone, hackers are then able to intercept authentication codes and validate fraudulent transactions.
Common red flags that may indicate ATO attacks are happening include:
- Irregular spikes in login attempts.
- Increased failed login counts.
- Spikes in account locks.
- Reports of fraudulent emails or SMS messages sent from someone posing as a legitimate entity.
- Customer complaints about unauthorized fund movement.
- Mismatched TCP and HTTP signatures.
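The red flags above can be turned into simple threshold checks over authentication logs. The following is an added example, not code from the original page: it parses a constructed sample log (timestamp, source IP, username, result) and flags a failed-login spike per source, one source cycling through many distinct usernames (the credential stuffing / password spray signature), and accounts that have reached a lockout threshold. The thresholds and log format are assumptions chosen for the illustration.

```python
from collections import defaultdict

# Constructed sample authentication log (not from the original page):
# timestamp, source IP, username, result
SAMPLE_LOG = """\
2024-05-01T10:00:01 192.0.2.10   alice  OK
2024-05-01T10:00:05 203.0.113.5  alice  FAIL
2024-05-01T10:00:06 203.0.113.5  bob    FAIL
2024-05-01T10:00:07 203.0.113.5  carol  FAIL
2024-05-01T10:00:08 203.0.113.5  dave   OK
2024-05-01T10:00:09 203.0.113.5  erin   FAIL
2024-05-01T10:00:10 203.0.113.5  frank  FAIL
2024-05-01T10:00:20 198.51.100.7 bob    FAIL
2024-05-01T10:00:21 198.51.100.7 bob    FAIL
2024-05-01T10:00:22 198.51.100.7 bob    FAIL
2024-05-01T10:00:23 198.51.100.7 bob    FAIL
2024-05-01T10:00:24 198.51.100.7 bob    FAIL
"""

def parse_log(text):
    """Turn each log line into a dict; blank lines are skipped."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append({"ts": ts, "ip": ip, "user": user, "ok": result == "OK"})
    return events

def find_red_flags(events, max_fails_per_ip=4, min_users_per_ip=5, lockout_after=5):
    """Apply threshold checks (assumed values) and return sorted (flag, subject) tuples."""
    per_ip = defaultdict(lambda: {"fails": 0, "users": set()})
    fails_per_user = defaultdict(int)
    for e in events:
        per_ip[e["ip"]]["users"].add(e["user"])
        if not e["ok"]:
            per_ip[e["ip"]]["fails"] += 1
            fails_per_user[e["user"]] += 1
    flags = []
    for ip, s in per_ip.items():
        # Increased failed-login count from one source: cracking or stuffing.
        if s["fails"] > max_fails_per_ip:
            flags.append(("failed_login_spike", ip))
        # One source trying many distinct usernames: stuffing / spray signature.
        if len(s["users"]) >= min_users_per_ip:
            flags.append(("many_usernames_one_source", ip))
    for user, n in fails_per_user.items():
        # Account reached the lockout threshold: feeds the "spikes in account locks" signal.
        if n >= lockout_after:
            flags.append(("account_lockout", user))
    return sorted(flags)
```

In a real deployment these counts would be computed per time window (for example, per minute) so that a sustained spike stands out against the baseline login rate.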
Common tactics that lead to account takeovers
Bad actors employ a number of strategies to obtain the information they need to perform an account takeover. These include:
Phishing: Here criminals typically create a false sense of urgency to compel a user to open an email and click a link. The link redirects them to a fake website that’s identical, or nearly identical, to their financial institution’s site, where their account credentials are stolen.
Malware: This is both common and difficult to detect. Malware is malicious software installed on a victim’s computer by a bad actor that captures the user’s information through keystroke logging or redirection to a fraudulent website.
Man-in-the-middle attack: This happens when a malicious hacker positions themselves between the victim and the institution they’re attempting to contact. Then the criminal uses a rogue access point to intercept the customer’s data to gain access to their account. Mobile banking apps can be particularly vulnerable to this kind of attack if proper security measures aren’t in place.
How account takeovers impact your organisation
While certain industries are more common targets of account takeover attacks, any company that has a user account or membership system is vulnerable.
They’re one of the most damaging cyber threats your organisation faces. And without ATO prevention, these attacks not only threaten your revenue, but your reputation as well, which may result in a loss of trust from your customers.
Ways to avoid account takeover fraud
The good news is there are precautions organisations can take to mitigate the risk of account takeover fraud in an increasingly mobile world.
In order to reduce incidents of account takeover, organisations should implement a fraud prevention strategy that includes:
- Implementing a bot detection solution to identify visitor behaviour through analysis of technical and behavioural data.
- Providing multi-factor authentication (MFA) options for all accounts.
- Monitoring cybercriminal underground activity targeting your organisation.
- Encouraging customers to use a password manager to set a unique, strong password for every one of their online accounts.
Get started with fraud protection
The account takeover detection and prevention platform your organisation uses should keep pace with the increasingly sophisticated cyberattacks targeting your business. And when it comes to purchase, account, and loss prevention, ATO technology is critical in order to increase fraud awareness and improve customer experiences.
With that in mind, when evaluating your ATO protection options, be sure to look for one that includes:
- Adaptive AI technology
- Bot protection
- Account sign-in protection
- Business intelligence reporting
- An enhanced loss prevention system