Account takeover fraud is a type of identity theft where a hacker or cybercriminal gains access to the target account and then make the required changes like changing the email address and other PII (personally identifiable information) or adding an authorized admin to the account while kicking out the previous admin(s).
After an account is compromised, the perpetrator can then launch a more severe attack like carrying out unauthorized transactions (if it’s an account on eCommerce sites), launching a more severe data breach, and so on.
It is important to note that an account takeover fraud can target anyone, not only famous people. When your account is compromised, everything from your credit card transactions, phone numbers, and email addresses, as well as government benefits are also at risk.
Account Takeover and Its Growth
As we can see, account takeover can be a very serious threat, and in the past few years, it has grown tremendously and become much more dangerous both in quantity and quality. Here are some important factors causing this growth:
Data breaches: in the past five years, there has been a major increase in serious cases of data breaches impacting huge enterprises like Uber and Deliveroo. And hackers are using stolen credentials to attempt account takeover via credential stuffing.
- Dark web: there are many forums and hidden marketplaces where hackers can buy and sell stolen information and also methods to perform account takeover attack
- Digital payment: with the rise of digital payment activities, it’s now much valuable for the perpetrators to perform account takeovers on services like PayPal, Stripe, or Venmo.
- Social media: with so many people active on the internet and social media, account takeover and data breach via social engineering methods like phishing are now much more common
- Weak password, more powerful brute force methods: it’s common for people to use one password across all their accounts in man different platforms. On the other hand, hackers now have access to a plethora of various sophisticated brute force techniques, fraud schemes, and better equipment.
Below, we will discuss some of the most common account takeover fraud schemes and how we can protect against them.
Top Account Takeover Fraud Schemes
Credential Stuffing
Credential stuffing is one of the most common fraud schemes causing account takeover. When a hacker performed a successful data breach on a website, the list of stolen credentials (password and username) can be sold on the dark web/black market, so more cybercriminals can now use this information simultaneously.
The attacker can now use bots and automated systems to try the same credential on many different sites in parallel—a credential stuffing attack—, which has a relatively high success rate and can be very difficult to defend against.
How to protect against credential stuffing: educate your users to use stronger passwords and not to use the same password for multiple sites. Also, implement multi-factor authentication (MFA).
Malware
Another common way to perform account takeover is by infecting the victim’s device with malware. Malware can infect the victim’s computer in many ways from visiting a spam website to opening a malicious email attachment.
The malware program can then perform various types of attacks from redirecting the victim to fake websites in an attempt to steal the login credentials to installing keyloggers on the computer to intercept anything the victim types including passwords and banking details.
Mobile banking trojans have increased in popularity since 2018, which can cause severe damage. The trojan will activate when it detects the mobile banking app is running on the device, push the app to the background, and display its own interface, stealing the user’s credentials.
How to protect against malware: a proper antivirus with behavioral detection is very important, assisted with a fully functioning firewall.
Phishing
Phishing is a form of a data breach using social engineering, designed to exploit two things: our sense of urgency and our trust in known, famous websites. For example, the phishing attack might involve an email that looks legitimately from Facebook, telling us that there’s a data breach attack on Facebook and advising us to change our password immediately (while providing us with a legitimate-looking login page). This email will use the common elements of Facebook’s emails like logos, signatures, and even real-sounding names.
When users fill their credentials to this fake login page, their username and password are completely stolen.
How to protect against phishing attack: educating our users about our real email address, contact information, and encouraging them to only attempt a login on the official website/app.
Phone scams
Similar to phishing, this is a social engineering attempt to get the victim’s credential information. For example, the perpetrator might pose as a Microsoft representative and tell you that your computer has a virus. The victim then hands over remote access to the device and the criminal might access any account in which the credentials are stored within the computer.
The phone scam might also target customer support representatives of a target company, that might be tempted to hand over crucial information allowing the attacker to control the account.
How to protect against phone scams: similar to phishing, educating customers and employees are key.
Unsecured WiFi
It’s very common for us to think that logging in to free WiFi at the airport or at the mall is harmless, but they are often unsecured and can allow hackers to steal your information. The hacker might intercept the content of your internet traffic, or also known as a man-in-the-middle attack. This can then expose any information you send over the internet, including login credentials and even banking information
How to protect against man-in-the-middle attack: A VPN can help protect your connections by encrypting ongoing and incoming traffic.
End Words
A key to preventing account takeover is to implement a strong and accurate detection system to detect malicious login attempts and bot activities as early as possible. DataDome can identify and protect your business from account takeover the most sophisticated bot activities, which are often used in various data breaches and account takeover attempts.
