Did you know that 1 in 2 fraudulent financial transactions involves account takeover (ATO) fraud? That’s the scale of the ATO threat we face today. And it’s not just the financial industry that’s affected. The e-commerce sector, for instance, has been grappling with its dire ramifications for several years now, and ATO fraud attempts targeting e-commerce retailers and their customers have risen by as much as 282%.
But what exactly is account takeover fraud? It’s a type of identity theft where a criminal gets access to your personal accounts. ATO fraud is mainly associated with unauthorized access to financial accounts such as credit cards and savings accounts. But in reality, you can experience such an attack even with your e-commerce or email accounts.
How can account takeover fraud occur?
A criminal needs access to your account credentials to commit this type of fraud. But how could they get hold of your information? They could launch spyware onto your computer to access confidential login data you may have saved. Phishing attacks are incredibly common, too. This is when a criminal uses impersonation and deception to trick you into divulging login credentials.
Data breaches are another valuable source of personally identifiable data on a mass scale. The hacking attack on Marriott International that compromised data belonging to 5.2 million guests illustrates this perfectly. It didn’t just expose their names and room preferences but also their email addresses, phone numbers, dates of birth, and loyalty account numbers.
Of course, a criminal could use many other sophisticated tactics, from man-in-the-middle attacks to credential stuffing and card reader skimming, to access your account credentials. And once they get in, they can commit various types of fraud, from money transfers to credit card purchases, which could result in substantial financial loss.
Avoiding account takeover fraud
Recovering from account takeover fraud could be time-consuming. It may also take several years, leaving you in constant fear of unforeseen threats. But by strengthening your security measures, you can minimize the risks.
Here’s how you can protect yourself from a hostile ATO attack.
According to a Verizon report, 81% of hacking-related data breaches are the result of compromised passwords. Therefore, guarding your login credentials is a priority you should never overlook.
- Set up lengthy passwords with a mix of letters, numbers, and special characters. The longer the password, the more difficult it is for a fraudster to guess.
- Make use of two-factor authentication provided by many account-holding sites.
- Avoid sharing account credentials and personal data such as your email address, date of birth, phone number, and social security number.
- Use passwords that are difficult to guess. Using common phrases and personal information such as names of family members and dates of birth could increase the risks of ATO threats.
- Refrain from reusing the same password for several accounts. Recycling passwords is a common practice that could easily leave multiple accounts vulnerable to a hacking attack. Therefore, protect each account with a distinct password.
- Avoid keeping records of login credentials. If you have an overwhelming number of accounts, a secure password manager can help you store, protect, and organize them.
- Change your passwords every few months.
Besides breached passwords, there are many other ways to compromise your accounts. For example, it could be the result of a simple error in judgment or a malicious attack. Anticipating these and taking proactive measures to protect your data is, therefore, essential.
- Guard against email, phone, and text phishing attacks. Phishing was the most common cybercrime in 2020, nearly doubling from the previous year.
- Avoid clicking on email links, even if they appear to come from individuals or organizations known to you. They could, for example, take you to a malicious site that impersonates your bank and collect credentials as you attempt to log in to your account.
- Avoid downloading email attachments to protect your devices from a malware attack.
- Stay away from dubious websites. Look for the HTTPS prefix and double-check the URL of the site you want to visit. Criminals sometimes set up hoax websites with names that resemble popular sites. The difference is often a single letter or a special character, which can easily go unnoticed.
- Clear your browser history and cache frequently. You can also deactivate search suggestions and prevent the browser from storing your search queries.
- Deactivate public visibility of personal information in all your online accounts.
- Avoid using unsecured Wi-Fi networks, especially those that are publicly available. They can create opportunities to infiltrate and spy on your online activities.
- Opt for a virtual private network (VPN) or personal hotspot.
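The URL check described in the list above (HTTPS prefix, and names that differ from a popular site by a single letter or a special character) can be automated. The following is an added example, not part of the original article; the trusted-site list and all sample URLs are constructed, and it assumes trusted names are two-label domains.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the sites this user actually does business with.
TRUSTED = ("amazon.com", "examplebank.com", "paypal.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def check_url(url: str):
    """Return (verdict, trusted_domain_or_None) for a link before it is opened."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Special characters: non-ASCII letters or their punycode ("xn--") form.
    if not host.isascii() or any(l.startswith("xn--") for l in labels):
        return ("lookalike", None)
    for good in TRUSTED:
        # Exact domain or one of its subdomains (www.paypal.com).
        if host == good or host.endswith("." + good):
            return ("ok" if parts.scheme == "https" else "no-https", good)
    # Compare the last two labels with each trusted name.
    # Assumption: trusted names are two-label domains such as paypal.com.
    base = ".".join(labels[-2:])
    for good in TRUSTED:
        if edit_distance(base, good) == 1:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("https://www.paypal.com/signin",   # constructed samples
                   "http://paypal.com/",
                   "https://paypa1.com/login",
                   "https://secure.amazom.com/",
                   "https://pay-pal.com/",
                   "https://example.org/"):
        print(sample, "->", check_url(sample))
```

A "lookalike" verdict means the name is one edit away from a trusted site or contains non-ASCII characters; "unknown" only means the site is not on the list, not that it is safe.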
If left unguarded, your devices could expose you to an ATO attack.
- Do not leave your devices out of sight and protect them from theft. Banks often send one-time passwords via email or text. So, a stolen phone, for example, could easily provide a criminal with access to your bank accounts.
- Ensure you have set up passwords for all your devices. Make use of biometric features such as fingerprints if available.
- Avoid lending your devices to friends, family, and colleagues. It could open up opportunities for unintentional and deliberate threats to your accounts.
- Be cautious about software, plugins, and apps you download. These can expose you to severe threats. Third-party apps, for instance, could monitor your activities and steal data without your knowledge.
- Install anti-virus software and keep all device software up to date.
By adopting these steps, you can significantly minimize the threat of account takeover fraud and protect your data and personal wealth. But keep in mind that certain risks will still persist. For instance, you will not be able to prevent attacks on company databases. So, while you take preventative steps, remaining vigilant to detect ATO threats in time is equally essential to mitigate damage.