What is account takeover fraud?
Account takeover fraud (ATO) is a form of identity theft in which criminals exploit your financial or personal accounts (such as social media or email)by posing as the legitimate account holder: you. Scammers often use these takeovers to steal funds or access sensitive information to further their fraudulent schemes. Increasingly, criminals are turning to artificial intelligence (AI) to refine their tactics, creating more convincing videos, realistic AI voice clones, and sophisticated social engineering techniques.
Cybercriminals often target e-commerce platforms because they store valuable customer data, including home and email addresses, phone numbers, credit card details, and purchase history.
At the same time, fraudsters may pose as merchants on legitimate sites, deceiving customers into believing they’re interacting with a trusted seller. These schemes not only result in fraudulent purchases but also expose customers to account takeover fraud by tricking them into revealing sensitive information. Fraudsters also target social media, online gaming, and healthcare portals, where they can exploit sensitive consumer information.
While account takeover fraud often starts with subtle changes that may go unnoticed, such as a request for a new card, password reset, updated contact information, or the addition of an authorized user—it can escalate into more serious consequences.
Criminals may use your account to steal funds, harvest personal and financial information from friends, family, and coworkers, and lock you out of other accounts they manage to hack.
Methods criminals use to commit account takeover fraud.
Cybercriminals initiate account takeover fraud by exploiting sensitive information exposed in data breaches and later leaked or sold on the dark web. They also steal account data through session hijacking, public Wi-Fi networks, phishing, and other tactics. Learning to anticipate these schemes is key to protecting your accounts and personal information.
Session hijacking
Any time you log in to a website or app, you’re given a session token to keep you signed in without having to continually re-enter your password. Cybercriminals use session hijacking to illegally access your token, then your account. They also employ tactics like malware, cross-site scripting (XSS), or man-in-the-middle (MITM) attack.
SIM card swapping
Phone carriers use SIM cards, which allow smartphones to connect to the cellular network. When fraudsters impersonate you and contact your cell provider, they can port your phone number over to an illegal SIM card. This opens the door to unauthorized account access, for example, by requesting a one-time access code—that enables criminals to take over your accounts.
Phishing
A Phishing is a common scam that uses malicious emails and text messages to access personal information. Fraudsters send these messages to your contacts, impersonating you or a legitimate organization to trick recipients into revealing sensitive personal and account information.
Phone calls
Scammers often connect with victims through direct phone calls. Posing as customer service or tech support agents, they act helpful and reassuring to steal your sensitive information. Advancements in AI make fraudulent phone calls sound more realistic, as fraudsters extract snippets of audio to re-create a voice that sounds eerily similar to a loved one.
Public Wi-Fi networks
Public Wi-Fi networks are especially vulnerable to account takeover fraud. In the classic man-in-the-middle attack, cybercriminals illegally tap into these unsecured networks to intercept interactions between victims and their personal accounts (via log-in sessions). Sophisticated scammers may also hack the devices that victims use to access their accounts.
Credential stuffing
Hackers use credential stuffing to steal account credentials, typically, a combination of username and password. When successful, they use that same “key” to try and unlock other accounts, knowing that many people use the same login details across platforms. While convenient for users, this tendency makes it easier for bad actors to hack additional accounts.
Brute force attacks
While credential stuffing relies on the successful reuse of login details, a brute force attack attempts to gain access from scratch. With this tactic, attackers aggressively guess combinations of usernames and passwords until they find the one that works.
How to spot and stop account takeover fraud.
You may not always be alerted to account takeover fraud while it’s happening. However, you can learn to spot the signs of an account takeover fraud in progress:
- New or unusual logins, especially those from a new device, location, or time zone
- Excessive number of failed log-in attempts or log-in sessions within a short time frame
- Email notifications of account changes you didn’t initiate
- Uncharacteristic rise in chargebacks or purchases
- Pending request for a new credit card
- Unauthorized charges to your bank account(s)
- Inability to access your account(s)
A common reaction to ATO fraud is to try and track down the cause of the l data breach. However, a more strategic response should be to protect other accounts and minimize further breaches.
How account takeover fraud impacts individuals and businesses.
Account takeover fraud often results in a breach of personal security, financial loss, or identity theft. When cybercriminals target an individual employee’s accounts, they can also target the employer by posing as a trusted source. For business, this kind of breach results in legal fees, potentially deep financial losses, or reputational damage.
With the rise of AI and machine learning, account takeover fraud is on the rise. By taking advantage of AI technologies, cybercriminals have become more tactical and sophisticated in their schemes.. In addition, a lack of awareness among consumers, along with the prevalence of convenient digital logins to personal and financial accounts, have also increased the potential for account takeover fraud.
How to protect yourself against account takeover fraud.
Regularly monitoring your personal and financial information can help protect your accounts from account takeover fraud. Keep an eye out for email notifications on account details that may have changed. Mark emails from unknown senders as spam and block requests from suspicious social media accounts.
Limiting what you share on social media can also help protect your personal information. Use secure Wi-Fi networks and install a virtual private network (VPN) to ensure greater safety. Also, keep your devices updated with the latest antivirus software and security measures.
Lastly, consider implementing two-factor or multi-factor authentication on all your personal accounts. Vary your passwords for each account and use a password manager to manage and store them in one secure place. Research and institute identity theft protection measures, such as monitoring credit reports and shredding sensitive documents.
Next steps for victims of ATO.
If you become a victim of account takeover fraud, immediately report it to your bank and any other companies that may be involved. Change your passwords on any accounts in which you still retain access. Report the incident to the local police and the Federal Trade Commission.
Also, consider putting a fraud alert and security freeze on your credit report. Continue to monitor your credit and any remaining accounts for any further suspicious activity.
Minimize your risk of account takeover fraud.
While many may experience the unfortunate impact of account takeover fraud, staying informed and proactive against potential attacks can help protect you and your family. If you believe you’ve been a victim of identity theft, account takeover fraud, or a micro-deposit scam, or have noticed any unusual account activity, call 1-800-274-5696 or contact the customer care team immediately. To get informed on other ways to protect your bank account, learn more tips to keep your account safe and secure.
