Account Takeover Fraud – What do you need to know?

Have you found yourself the victim of account takeover fraud? If you have not, you’re in luck. Unfortunately, account takeover fraud is rising, with banks, eCommerce platforms, and social media accounts in the crosshairs of fraudsters.

We’re detailing just what account takeover fraud is, and we’re offering a few solutions to help you protect yourself.

Defining account takeover fraud

Account takeover fraud, also referred to as account compromise, is the term used when a fraudster gains access to and seizes control of an account. The fraudster may alter some of the account information to lock the account owner out, perhaps by changing the username, the password, or the email associated with the account. With complete control of the account, the fraudster is free to make unauthorized transactions using the account or sell the account to someone else who may see value in it.

Any online account that has been secured using a username and password can be potentially compromised by fraudsters. Some of these account types include the following.

  • Social media accounts
  • Gaming accounts
  • Bank accounts, both online and apps
  • Credit card accounts
  • Grocery store and delivery accounts
  • eCommerce accounts
  • Mobile phone accounts
  • Credit card and charge card accounts
  • Email accounts
  • Medical-related accounts

These are just some of the examples of potentially at-risk accounts. Think about each of the accounts that you log into across websites and apps. If they are secured with your username and password alone, there is the risk that they could be a target for fraudsters.

What can a fraudster do?

You may wonder what a fraudster can do with access to some of these accounts. What can they do if they take over your social media account or your mobile phone account? In short: they can do anything they want to. They now have access to any contacts connected to your accounts, they now have access to any credit cards attached to your accounts, and they are free to do anything they want with that information.

There are several things a fraudster can pursue once they’re in your account with free rein.

  • They can make fraudulent orders using either stolen credit card info from another victim or credit card details you’ve saved to your account. How many of us simply click the box to save a credit or debit card to the account for speedier checkouts in the future? Convenient it is, indeed. A cybersecurity risk, it is absolutely.
  • If the account allows for the accumulation of loyalty points or credits, the fraudster could use them for their own benefit.
  • A confirmed account could be sold to other cybercriminals who can find value in it. As an example, a social media account gives a fraudster access to everyone within the victim’s network. As a result, those contacts can become potential targets of any number of scams.
  • Your personal data could be extracted and sold on. Your data can be of great value to the right buyer.
  • A fraudster with access to your bank account could transfer your funds out, leaving you in dire financial straits as you attempt to work it out through your bank.

Whether they’re clearing out your bank account or ordering an expensive tablet through your mobile phone account, fraudsters can leave a trail of trouble and financial strife for their victims.

How do fraudsters access your credentials?

There are a number of ways that a fraudster may be able to get into your account, with varying levels of effort.

Phishing, spear-phishing and malware are considered to be the most commonly used methods. The level of effort can vary, but these methods can often require more time than many cybercriminals are willing to invest for access to a delivery service account. They are much more commonly used in takeovers of banking apps and accounts, where the potential financial payoff is higher.

Data breaches are reported in increasing numbers. These data breaches can put your login credentials right into the hands of cybercriminals. If a company you do business with reports a data breach, take the time to change your username and password. Remove any linked credit cards or checking accounts.

Fraudsters are also able to purchase stolen credentials on the dark web. With one set of login credentials in hand, fraudsters are likely to try these same credentials across a range of popular websites and widely used apps. This is a process known as credential stuffing. The idea behind it is that many of us are prone to using the same username, email address, and password across the different sites and apps that we use. If you use the same login credentials for your grocery store account and your mobile banking app, you have essentially given a fraudster access to both accounts if they obtain just one.

How can you protect against account takeover?

Perhaps the most important step that you can take is to update your login credentials across the sites and apps that you use most often. Use a different username and password for every account that you use. This can be tedious, but it’s much easier to do this than to deal with the potential financial fallout of having your account taken over.
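
The reuse risk behind credential stuffing, and the advice to use a different username and password for every account, can be checked against your own account list. The Python sketch below is an added example, not part of the original article; the site names and credentials are constructed sample data, and the function names are illustrative.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample data: (site, login identifier, password). Not real accounts.
SAMPLE_ACCOUNTS = [
    ("grocery-store.example", "Pat@Example.com", "Sunshine!42"),
    ("mobile-bank.example", "pat@example.com", "Sunshine!42"),
    ("social.example", "pat@example.com", "Sunshine!42"),
    ("gaming.example", "pat_plays", "Sunshine!42"),
    ("email.example", "pat@example.com", "x7#Lq9-unique-to-email"),
]

def credential_key(identifier, password, salt):
    """Keyed digest of the (identifier, password) pair, so plaintext passwords
    are never stored or printed. Identifiers are compared case-insensitively."""
    msg = identifier.strip().lower().encode() + b"\x00" + password.encode()
    return hmac.new(salt, msg, hashlib.sha256).hexdigest()

def reuse_blast_radius(accounts):
    """Map each site to the other sites where the same login pair also works."""
    salt = os.urandom(16)  # per-run salt; digests are only compared in memory
    groups = defaultdict(set)
    for site, identifier, password in accounts:
        groups[credential_key(identifier, password, salt)].add(site)
    exposure = {}
    for sites in groups.values():
        for site in sites:
            exposure[site] = sorted(sites - {site})
    return exposure

def report(accounts):
    """One line per site, most exposed first."""
    exposure = reuse_blast_radius(accounts)
    lines = []
    for site in sorted(exposure, key=lambda s: (-len(exposure[s]), s)):
        others = exposure[site]
        if others:
            lines.append(f"{site}: a breach here also exposes {', '.join(others)}")
        else:
            lines.append(f"{site}: login pair not reused elsewhere")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_ACCOUNTS)))
```

Only an exact match of both identifier and password is counted, so the gaming account, which reuses the password under a different username, is not flagged here.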

While it’s convenient, try to avoid saving your payment methods on your accounts. It’ll make it easier to pay your bills, certainly. But it’ll also make it easier for a cybercriminal to make unauthorized purchases using your account.

We would be remiss if we didn’t mention that ZenKey offers a highly secure way for websites and apps to embrace a passwordless future. Are you ready to learn more? Let’s start a conversation!