Account Takeover Fraud: How to Prevent It?
The threat of account takeover is one we all face, and it is time to take action. On Facebook alone there are more than 600 million active users, each with an average of 130 friends.
Each of these accounts is as valuable as the next, as many contain personal information such as phone numbers and email addresses that can be used in future attacks. To make matters worse, most users do not even realize they have been compromised until it is too late.
What is Account Takeover?
Account takeover fraud occurs when a cybercriminal uses your username and password (together known as credentials) to access and control your online accounts.
Once they have achieved this, they can:
- Lock you out by changing the password.
- Redirect your phone calls to another number.
- Access and misuse your personal information.
- Make purchases using your payment details (e.g., credit cards).
- Use the account to send spam emails in an attempt to commit further fraud.
What are the Statistics?
- The latest statistics show nearly 4 million phishing attacks in 2019 alone, with 30% of all phishing emails containing links to fake banking sites.
- Figures from 2020 show that approximately 100 million Facebook users have fallen victim to some form of online identity theft. More than $1 billion was stolen last year by criminals who targeted social media accounts.
- According to recent research, 70% of people aged 16–24 lost money through electronic means. Around 30% of this number had been victims of social engineering, and 85% did not know how their money was stolen.
- It is estimated that there are over 2 million cases of identity theft every single day in America alone.
How are Account Takeovers Performed?
Phishing Site
The first stage of the attack takes place on a phishing site, which tricks users into disclosing their credentials by showing a fake login page that looks like their bank or online service. Once the victim has submitted their username and password, they are redirected to the legitimate website.
The stolen credentials are then accepted automatically by the real site, which checks only a one-way hash of the password and requires no two-factor authentication (2FA). After this first stage, attackers can also access the victim's accounts on any other services where the same username and password were reused.
Malware
Attackers acquire sensitive information through malware installed on client devices or by tricking users into disclosing it. They actively seek UBA/2FA tokens or passwords that are not bound to a particular device.
Through malware installed on the victim's existing devices, attackers change account settings so that they can intercept the security emails that normally carry a one-time password. The attacker can then take over the victim's accounts on other services wherever the same username and password were reused.
Types of Account Takeovers
Account takeover attacks can be made by using different methods, depending on how much effort an attacker is willing to make to gain access to user accounts:
Credential stuffing
The use of automated tools (scripts) to automatically test stolen credentials against large numbers of accounts in an online service.
Account Hijacking
Where unique authentication credentials are obtained for a user to access all their accounts at the same time.
Credentials Compromise
Where unique authentication credentials are obtained through social engineering or physical theft.
With credential stuffing, the attacker logs in with the victim's username and password on the real website. By this stage the attacker has already worked out which other services use the same login credentials.
Alternatively, the attacker performs the takeover manually, using phishing, malware installed on the victim's devices, or the interception of security emails that are usually used for 2FA. In this case the attacker uses credentials compromise methods to log on to the real website.
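Credential stuffing leaves a distinctive footprint in authentication logs: one source tries many different usernames, each only once or twice, with mostly failures, whereas a brute-force attack hammers a single username. The following heuristic, an added example that is not part of the original article, separates the two over constructed sample log lines and lists the accounts that did log in successfully from a stuffing source (the ones a defender should reset first).

```python
"""Separate credential stuffing from brute force in an auth log (added example)."""
from collections import defaultdict

# Constructed sample log, not real traffic: "<ISO time> <source ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-01-10T09:00:01 198.51.100.7 alice FAIL
2024-01-10T09:00:02 198.51.100.7 bob FAIL
2024-01-10T09:00:03 198.51.100.7 carol FAIL
2024-01-10T09:00:04 198.51.100.7 dave OK
2024-01-10T09:00:05 198.51.100.7 erin FAIL
2024-01-10T09:00:06 198.51.100.7 frank FAIL
2024-01-10T09:00:10 203.0.113.5 gina FAIL
2024-01-10T09:00:11 203.0.113.5 gina FAIL
2024-01-10T09:00:12 203.0.113.5 gina FAIL
2024-01-10T09:00:13 203.0.113.5 gina FAIL
2024-01-10T09:00:14 203.0.113.5 gina FAIL
2024-01-10T09:00:15 203.0.113.5 gina FAIL
2024-01-10T09:05:00 192.0.2.9 heidi OK
"""

def attempts_by_source(log_text):
    """Group (username, succeeded) pairs by source IP; the timestamp is ignored here."""
    by_ip = defaultdict(list)
    for line in log_text.strip().splitlines():
        _ts, ip, user, result = line.split()
        by_ip[ip].append((user, result == "OK"))
    return by_ip

def classify_sources(log_text, min_attempts=5, min_distinct_ratio=0.8, max_success_ratio=0.5):
    """Label each source IP 'credential_stuffing', 'brute_force' or 'normal'.
    min_distinct_ratio: share of attempts aimed at a username not yet tried from that IP.
    A high success ratio means a legitimate user (or shared NAT), not an attack."""
    labels = {}
    for ip, attempts in attempts_by_source(log_text).items():
        n = len(attempts)
        distinct = len({user for user, _ in attempts})
        successes = sum(1 for _, ok in attempts if ok)
        if n < min_attempts or successes / n > max_success_ratio:
            labels[ip] = "normal"
        elif distinct / n >= min_distinct_ratio:
            labels[ip] = "credential_stuffing"   # many users, ~one try each
        else:
            labels[ip] = "brute_force"           # one user, many tries
    return labels

def compromised_accounts(log_text):
    """Usernames that logged in successfully from a source flagged as stuffing:
    a successful hit from such a source almost certainly means a reused password."""
    flagged = {ip for ip, label in classify_sources(log_text).items() if label == "credential_stuffing"}
    return {user for ip, attempts in attempts_by_source(log_text).items() if ip in flagged
            for user, ok in attempts if ok}
```

Thresholds are deliberately simple; in production they would be tuned per service and applied per time window rather than over the whole log.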
What Can I Do to Protect Myself?
While there is no such thing as being 100% safe from an account takeover, you can significantly decrease the chances by following a few simple steps:
- Ensure all passwords combine uppercase and lowercase letters with numbers and symbols where possible. If a password cannot be at least eight characters long, use several different passwords for your various accounts and mix them up so that no two match.
- Do not use the same password for more than one account. If you do, change the passwords often to ensure security.
- Use a different email address for registration purposes on websites where possible, meaning only your primary email will be exposed if one account is compromised. This is not foolproof, but it will buy you some time.
- Make sure each of these accounts has an alternate contact number attached to it in case of compromise so that your accounts can be recovered as quickly as possible.
What are the Signs that I have been Compromised?
Most people are not aware that they have been compromised until their friends, family members, or employers inform them that strange activity has occurred within their accounts. There are some visible warning signs that you can look out for:
- Inability to access your account despite correct password entry.
- Unusual activity on your accounts such as friend requests, unexpected messaging or emails from unknown addresses, etc.
- Unexpected password changes made without your consent.
How Can I Protect My Friends and Family?
If you know someone who is not following the simple steps mentioned above and has been the victim of a cybercrime involving their credentials, take action! Make them aware of the danger so that they do not fall victim again in the future.
You may also want to encourage them to upgrade their security settings, especially if they share personal information online with friends, family, and colleagues.
What Can I Do if My Account has Been Compromised?
If you are worried that an unauthorized person is using your account, act immediately to protect yourself, your friends, and your finances.
- Change the passwords on all of your accounts with immediate effect. This way, you will prevent further misuse or damage to your identity.
- You should also inform all banks, creditors, and other services where there may be a possibility that criminals could have gained access to personal details such as date of birth, address history, etc. This will put them on high alert for any suspicious activity within their records associated with you.
- If your social media accounts have been compromised, it is essential that you tell Facebook/Twitter so that they can take action to close the account down and prevent further damage.
- Finally, you should also check with your local police station or precinct for advice on any further actions you can take. This is particularly important if you have been the victim of cybercrime where financial details have been compromised.
How Does Secure Authentication Software Protect Me?
Secure authentication provides users with an extra layer of protection against identity theft/account takeover by ensuring that it’s them trying to access their online accounts. Secure authentication verifies that the user is trying to sign in to their account – not someone else trying to break in.
It generates strong two-factor authentication codes unique for each login session, so even if someone manages to steal their username and password, they cannot access the account without stealing or knowing that second authentication factor.
In addition to secure authentication software, users should make sure they have a reputable anti-malware product installed, which will detect malicious software such as keyloggers or spyware before it can do damage.
Other types of protection include browser add-ons such as NoScript for Firefox or ScriptSafe for Google Chrome, which can help prevent cybercriminals from using JavaScript to infect your machine.