Account takeover (ATO) attacks are on the rise. According to a report, 22% of adults in the US are falling victim to this type of attack. On average, there is a loss of around $12,000 per case. An account takeover happens when someone other than the account owner gets access to the account. This can happen with any kind of account, like social media, email, or online banking. It can even happen with credit cards!
A fraudster might use stolen information, or they might use brute force or social engineering to get access to others’ accounts. They can even pretend to be from the government or a bank to get someone’s personal information, making it hard to detect such attacks. Putting defenses against online fraud in place has become essential not just for private individuals but for businesses as well.
How can attackers gain access to user accounts?
According to a report by SEON, 60% of ATO victims in the US used the same password for different online accounts. This makes it easier for fraudsters to gain access to multiple accounts of a user.
51% of social media accounts and 32% of banking accounts were compromised following ATO attacks.
Fraudsters watch the consumer market for activity spikes. They wait to make their move. If a fraudster successfully takes over a legitimate account, the first thing he will do is try to change the account information, password, and sometimes notification settings, so that the genuine owner doesn’t find out. This is one of the many touchpoints at which he can be caught using robust fraud prevention software.
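The touchpoint described above can be expressed as a simple detection rule. The following is an added example, not code from the original article or from any fraud prevention product: it flags sessions in which two or more different kinds of sensitive change happen shortly after login. The log format, event names, 10-minute window and threshold of two are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event types the article names as an attacker's first moves after a takeover.
SENSITIVE = {"password_change", "profile_change", "notification_change"}
WINDOW = timedelta(minutes=10)   # assumed threshold: how soon after login counts
MIN_DISTINCT = 2                 # assumed threshold: distinct sensitive changes

# Constructed sample events, one per line: "timestamp account session event"
SAMPLE_LOG = """\
2024-05-01T09:00:00 alice s1 login
2024-05-01T09:45:00 alice s1 password_change
2024-05-02T03:10:00 bob s7 login
2024-05-02T03:11:20 bob s7 password_change
2024-05-02T03:12:05 bob s7 notification_change
2024-05-02T03:30:00 bob s7 profile_change
2024-05-03T12:00:00 carol s9 login
2024-05-03T12:01:00 carol s9 profile_change
2024-05-03T12:02:00 carol s9 profile_change
"""

def parse(log):
    """Yield (timestamp, account, session, event) from whitespace-separated lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        ts, account, session, event = parts
        yield datetime.fromisoformat(ts), account, session, event

def flag_sessions(log, window=WINDOW, min_distinct=MIN_DISTINCT):
    """Return {(account, session): sorted change types} for sessions to review."""
    login_at = {}
    changes = defaultdict(set)
    for ts, account, session, event in sorted(parse(log)):
        key = (account, session)
        if event == "login":
            login_at[key] = ts
            changes.pop(key, None)  # a fresh login restarts the window
        elif event in SENSITIVE and key in login_at:
            if ts - login_at[key] <= window:
                changes[key].add(event)
    return {k: sorted(v) for k, v in changes.items() if len(v) >= min_distinct}

if __name__ == "__main__":
    for (account, session), kinds in flag_sessions(SAMPLE_LOG).items():
        print(f"review {account}/{session}: {', '.join(kinds)} soon after login")
```

On the constructed sample only bob's session is flagged: alice changes her password 45 minutes after login, and carol edits her profile twice, which counts as a single kind of change.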
How can businesses prevent ATO attacks?
Awareness among employees: Employees must be aware of what to do if they receive a phishing email or malware. Companies must train them to identify these emails and other content that may be harmful and to report anything suspicious to the Help Desk or security teams.
Alertness regarding spear-phishing tactics: Fraudsters fake the identity of the company’s CEO to obtain account information or gain access to network resources.
Using a password manager: Users must have a different password for each account. A password manager will help in this regard. It will do the task of devising, storing, and applying unique and complex passwords for every account. The password manager must be secured by a unique and complex master password.
Blocking suspicious IP addresses and devices: Security teams must immediately block any suspicious IP addresses or devices that are trying to access the company’s network.
CAPTCHA security against bot attacks: Attackers may use bots to automatically try to sign in to a website or account using different credentials. Companies can implement CAPTCHA security that kicks in after several failed authentication attempts.
How can consumers prevent account takeover attacks?
Create strong and unique passwords: By using a password manager, consumers can adopt a complex and unique password for each of their accounts. They just need to ensure that their password manager is protected with a strong master password.
Use multi-factor authentication (MFA): By setting up MFA for all supported accounts and websites, users can prevent attackers from logging into the account even if the password is compromised. MFA will not let the attacker log into the user account without the second form of authentication.
Do not randomly share account information: Users must never just give their account info to others. If they get any email or text asking for account information, they must verify the individual or company to confirm whether the request is legitimate.
The best way to prevent account takeover attacks is to take the necessary precautions. Adopt the security steps required by your organization and be sure to educate employees on how to identify fraudulent emails and websites. Having a fraud prevention and detection system in place can also help you quickly identify any suspicious activity and protect your business’s online presence. Are you doing everything possible to prevent account takeover attacks?