Account Takeover Prevention

An account takeover (ATO) is when an identity thief impersonates you and takes control of one or more of your online accounts. These may include bank or credit card accounts, other financial, medical, or online services accounts. Identity thieves obtain your login credentials (username/password combos) through data breaches, phishing attacks, ransomware, spyware, and other acts of fraud.

If even one of your username/password combos is stolen or breached, you may be at risk of credential stuffing (a type of brute force attack). Hackers don’t need to know which other accounts and services you have. They use automated software (bots) to try your stolen credentials on multiple accounts (credential stuffing) and can break into thousands of accounts within minutes. If you reuse passwords on more than one account, you are at risk of an account takeover attack.

Identity thieves only need a few pieces of personally identifiable information (PII) about you to perform an account takeover. They can use your date of birth, full name and address, email or phone accounts, SSN, or other critical information to pose as you and open, modify, take over, or benefit from your accounts in some other way. Some of this account information is stolen from your compromised accounts.

Once criminals gain access to your stolen accounts, they may do various things with them, such as:

• Use your rewards points to buy things or take advantage of discounts.
• Place orders or buy items.
• Open a new credit card in your name and make purchases.
• Purchase a new smartphone from your phone carrier and charge it to you.
• Drain your bank accounts.
• Commit credit card fraud.
• Send spam from your email account.
• Access other accounts using the information they found in another.
• Sell your information or accounts on the dark web.
• Redirect your unemployment or social security benefits to themselves.
• Access and steal other personal information or financial details.

First, contact your bank or account issuer and let them know you are a victim of ATO fraud. Then, have them reset any passwords or logins and change the email address associated with your account. Next, contact the credit bureaus and put a credit freeze on your account so no one can open new lines of credit in your name. Finally, have credit cards, and banks also freeze the activity in your account until you have fixed the problem.

Although account takeover is an alarming threat, you can take steps to protect yourself from these types of scams. Follow this list of tips to reduce your likelihood of an attack:

• Never reuse passwords on multiple accounts.
• Sign up for two-factor authentication whenever offered, especially with credit card and bank accounts.
• Never download apps you don’t know or trust.
• Always use long, strong passwords (a combination of letters, numbers, and symbols).
• Keep good, strong antivirus/anti-malware software running on all your devices as part of your cybersecurity practice.
• Turn on multi-factor authentication (biometrics) on your mobile devices.
• Keep a close eye on your credit report. You can get a free copy from all three bureaus each year. Consider credit monitoring and a credit freeze.
• Sign up for identity theft monitoring to keep a close eye on all your data and receive alerts when your information is exposed online.

Yes, exposed personal details such as your name, DOB, phone number, email account, username, user ID, social media profiles, relatives, associates, employment, education, and other personally identifiable data may lead to an account takeover.

No monitoring service can prevent all account takeovers, but account takeover prevention monitoring will give you an advantage by checking, verifying, and identifying what types of personal information could be compromised by looking at recent accounts and inquiries and monitoring any changes to your credit score or available credit lines. It can also show you exposed email addresses, usernames, and passwords.

Any type of account you have online could be at risk of account takeover. Your financial accounts are targets, shopping accounts (like Amazon), Netflix or other streaming services, email accounts, and even social media. When you open them, most accounts require some personal information; therefore, they are all targets for cybercriminals.

Account takeover fraud is when someone gains illegal access to one or more of your accounts and uses them to commit fraud. It could include draining your bank accounts, making purchases in your name, or defrauding others using your email account.