What is Account Takeover?

Account takeover, also known as ATO, is a form of identity theft in which a malicious third party gains access to or “takes over” an online account. It’s one of the fastest-growing cybersecurity threats today, growing a staggering 300% since 2019 and leading to consumer losses of $3.5 billion.

One of the primary reasons behind this massive rise in account takeover is the relative ease with which it can be done. With more than 15 billion login credentials available on the dark web because of data breaches, millions of online accounts remain at risk of unauthorized access.

In this guide, we define how account takeover happens, how it affects consumers and businesses and what you can do to help protect yourself from it.

How Account Takeover Affects Consumers

Auto-fill features in apps and web browsers have helped make online payments a breeze. One click alone is often enough to log in or make a purchase. However, once your accounts are compromised, cybercriminals can use them to perform a variety of malicious activities, including:

Unauthorized Purchases

The most common type of fraud associated with account takeover is payment fraud. Once an account has been breached, it’s relatively easy for criminals to make purchases and simply update delivery details to redirect items to them.

Research by Ravelin has indicated that 71%of account takeover attacks resulted in the attacker placing an average of three to four orders with a success rate of 50%. And in 46%of these cases, the criminal changed the delivery address to redirect the order to them. These items are then typically sold for profit. In many cases, however, the attacker simply uses compromised accounts to order amenities, as there are generally fewer security checks associated with these services.

Use Loyalty Points or Account Credits

Even if the compromised account doesn’t have payment details associated with it, criminals can still use saved loyalty points or account credits. Air miles are a common target for this kind of fraud, as they can be used to buy transportation in other countries.

Selling Online Accounts

Selling compromised accounts is also a lucrative business. According to TrendMicro, certain accounts can be sold online, including:

  • Uber accounts for around $3.78 per account.
  • Facebook accounts for around $3.02 per account.
  • Netflix accounts for around $0.76 per account.
  • Credit card accounts for around $2.22 per account.

While these individual prices seem low, it’s important to remember that data breaches usually compromise millions of accounts at a time which are then sold in bulk.

Selling Stolen Data

Given that 52% of people use the same password for multiple accounts, compromising one account can give a criminal access to a vast range of personal data. Stolen data can then be bought and sold on the dark web. Tax documents such as W-2s and 1040s can be purchased for around $1.04, while Social Security numbers range from $0.19 to $62 for bundles of personal details.

How Account Takeover Affects Organizations

A compromised business account, especially at a management or executive level, opens up a range of fraud opportunities for criminals.

Once they have access to an account with sufficient authority, cybercriminals can use that trusted email address to scam other companies into making fraudulent payments or just distribute malware en mass.

Not only does this kind of fraud have a monetary cost, but it also damages the reputation of the targeted company.

What’s Fueling Account Takeover Fraud

Several interconnected factors are driving the current surge in account takeover fraud, including:

Data Breaches: Over the past 15 years, 1.8 billion records have been leaked as a result of data breaches. These data breaches supply criminals with a vast collection of data that can be used for account takeover.

The Dark Web: The dark web is where hacked accounts and stolen personal data is bought and sold. This includes bulk collections of details stolen in data breaches.

Social Engineering: Cybercriminals are increasingly using sophisticated social engineering tools to trick people into revealing their login credentials. Research by Verizon has shown that a third of all breaches in the past year involved phishing scams.

Credential Stuffing: Credential stuffing is a hacking method where hackers use compromised username/password pairs to access online accounts. Hackers use bots that automate login attempts, testing thousands of logins per minute.

Password Security: Despite an increased focus on password security, many people still use easily crackable passwords and reuse the same passwords for multiple accounts. This creates ideal conditions for hackers to compromise numerous accounts in a short space of time.

Autofill Automatic Checkout (ACO): Saving payment details in your browser or apps has made online payments easier. However, if hacker manages to get a hold of your login credentials, they will also have the ability to make unauthorized purchases.

Account Takeover Prevention

While Account Takeover is a growing problem, there are simple steps you can take to help protect your account:

Change Your Password Habits

The first step toward protecting yourself from account takeover is to improve how you manage your passwords. Here are some tips:

  • Update your password every 72 days on all of your accounts.
  • Never use the same password for multiple accounts.
  • Passwords should be at least 13 characters long and composed of capitalized and non-capitalized letters, numbers and special symbols.
  • Enable two-factor authentication on all your accounts to significantly impede anyone attempting unauthorized access.
  • If managing many complicated passwords sounds overwhelming, try using a password manager that automatically creates and updates unique passwords for you.

Always Keep Your Browser Updated

Cybercriminals are always looking for new ways to exploit web browsers’ vulnerabilities, and developers are always patching over them. Failing to update your browser leaves these vulnerabilities in place and puts your account security at risk.

Install Anti-Malware Software

Malware is a crucial tool used to carry out account takeover attacks. Spyware can be loaded onto your machine to log all your keystrokes. Trojan horses can give criminals backdoor access to your system. Your computer might even be part of a bot-net used to hack other accounts through credential stuffing.

Installing a trusted and mature antimalware solution on your computer and keeping it regularly updated can help you contain and eliminate malware infractions before you’re put at risk.

The Bottom Line

While the massive increase in account takeover fraud should be a significant concern to businesses and consumers alike, there are simple ways to protect yourself.

By changing how you approach passwords, keeping your browser updated, installing the right antivirus, and proactively monitoring your identity, credit, and bank accounts for unusual activity, you can massively reduce your vulnerability to this increasingly prevalent form of cybercrime.