Account Takeover (ATO) | Intel471

Account Takeover (ATO)

A form of identity theft in which the criminal obtains access to a victim's bank, credit card accounts or business systems — through a data breach, malware or phishing — and uses them to make unauthorized transactions.


Account Takeover (ATO) occurs when a cybercriminal hacks your account or steals your information using your username and password. Account takeovers are perilous threats as they cause financial institutions to lose revenue. With ATO, fraudsters can take over existing accounts such as bank cards, credit cards, social media, and even eCommerce websites. Successful account takeovers begin with attackers gathering data from data breaches or obtaining it on the cybercrime underground. Thieves can then access some personal information and use it to make fraudulent purchases. An account takeover can result in fraudulent transactions on consumers' accounts.


As more businesses migrate from their own computer hardware to cloud computing, the takeover of employee accounts will become more of a threat. SaaS applications like Microsoft Office 365, Zoom, and Salesforce tend to be accessible from the internet. Cloud adoption means that security personnel must look at where users are authenticated. Relying on identity management alone leaves organizations gravely exposed to online scammers.


How fraud happens as a result of account takeovers


A common way attackers gain access to corporate networks is through spear-phishing emails. Spear-phishing involves sending targeted emails from someone who appears to be legitimate but actually has malicious intent. These emails often contain links or attachments that lead to websites where users are tricked into giving away personal information. Once this information is obtained, it can then be used by the attacker to gain further access to the victim's systems.


Cybercriminals also use social engineering techniques to trick people into handing over their login credentials. Social engineering refers to the practice of manipulating individuals into doing something they would not normally do. For instance, if you receive a phone call from someone claiming to be from your bank asking about a suspicious transaction on your account, you may hand over your login details without thinking twice.


Another method of gaining access to a network is through the use of brute force attacks. A brute force attack uses automated software to try thousands of different passwords until one works. This type of attack is very effective against weak passwords which have been reused too many times.


Account Takeover targets


Account takeover is prevalent across all industries; however, some industries, such as retail, financial services, video streaming, social media and entertainment, higher education, and healthcare, are often identified as the top money targets. While not a top target in terms of cash jackpots, small businesses often face ATO risks that are out of proportion with their size. Small businesses often have smaller IT budgets and staff, so they are often less focused on security. Entrepreneurs may take solace in the belief that they're too tiny to target. That is a false narrative.


Why is Account Takeover hard to protect against?


There are many reasons why account takeover is challenging to prevent. One reason is that there are no clear guidelines as to who is allowed to request changes to someone else's online banking credentials. Another issue is that some banks do not require multi-factor authentication for all logins. It is recommended that users change their usernames and passwords regularly. Also, keep track of any suspicious activity on your accounts. You can check your transaction history and alerts via your online banking portal. Finally, use strong passwords and don't share sensitive information.


Does my bank protect me from ATOs?


Banks offer several layers of protection to safeguard customers' identities:


  1. They employ sophisticated technology to detect malicious activities such as login attempts and failed transactions.

  2. They implement two-factor authentication with either text messaging or app-based services like Google Authenticator.

  3. Banks monitor suspicious activity over time to spot patterns indicative of potential attacks.

  4. They provide 24×7 monitoring and response teams trained to handle any situation involving stolen credentials.
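
The pattern that items 1 and 3 describe, and that a brute force attack as described earlier leaves behind, is a burst of failed logins on one account followed by a success. The following is an added example, not code from Intel 471 or any bank; the log format, field names, threshold and time window are assumptions, and the log lines are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format): ISO timestamp, account, source IP, outcome.
SAMPLE_LOG = """\
2024-05-01T08:00:00 carol 192.0.2.10 FAIL
2024-05-01T08:01:00 carol 192.0.2.10 FAIL
2024-05-01T08:02:00 carol 192.0.2.10 FAIL
2024-05-01T08:03:00 carol 192.0.2.10 FAIL
2024-05-01T08:04:00 carol 192.0.2.10 FAIL
2024-05-01T09:00:00 alice 203.0.113.50 FAIL
2024-05-01T09:00:05 alice 203.0.113.50 FAIL
2024-05-01T09:00:10 alice 203.0.113.50 FAIL
2024-05-01T09:00:15 alice 203.0.113.50 FAIL
2024-05-01T09:00:20 alice 203.0.113.50 FAIL
2024-05-01T09:00:25 alice 203.0.113.50 FAIL
2024-05-01T09:00:30 alice 203.0.113.50 OK
2024-05-01T09:10:00 bob 198.51.100.7 FAIL
2024-05-01T09:10:20 bob 198.51.100.7 FAIL
2024-05-01T09:10:40 bob 198.51.100.7 OK
2024-05-01T09:30:00 carol 192.0.2.10 OK
"""

def parse(log):
    """Yield (timestamp, account, source_ip, outcome) for each non-empty line."""
    for line in log.splitlines():
        if line.strip():
            ts, account, ip, outcome = line.split()
            yield datetime.fromisoformat(ts), account, ip, outcome

def find_takeover_candidates(log, threshold=5, window=timedelta(minutes=10)):
    """Flag a successful login that follows >= threshold recent failures on that account."""
    recent = {}   # account -> deque of (timestamp, source_ip) for recent failures
    alerts = []
    for ts, account, ip, outcome in sorted(parse(log)):
        fails = recent.setdefault(account, deque())
        while fails and ts - fails[0][0] > window:   # age out failures outside the window
            fails.popleft()
        if outcome == "FAIL":
            fails.append((ts, ip))
        elif outcome == "OK":
            if len(fails) >= threshold:
                alerts.append({"account": account, "failures": len(fails),
                               "sources": sorted({src for _, src in fails}),
                               "success_at": ts.isoformat(), "success_ip": ip})
            fails.clear()   # a success resets the account's failure history
    return alerts
```

On the sample data only alice is flagged: bob's two mistyped passwords stay under the threshold, and carol's failures have aged out of the window by the time she logs in. The threshold and window need tuning against real traffic before a rule like this drives alerts.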


In conclusion


Account takeovers are prevalent across all industries and are carried out by hackers who steal the credentials of legitimate users and then use those stolen accounts for financial gain or malicious purposes. End users can protect themselves through common-sense practices that limit the risk of becoming an ATO victim, including using strong passwords, remaining vigilant about their account activity for any suspicious or unusual behavior, and taking advantage of multi-factor authentication whenever it is available. However, larger organizations typically require layers of protection against ATOs, including sophisticated technology like Intel 471’s Credential Intelligence, which delivers coverage across the entirety of the underground marketplace. This technology empowers organizations to proactively monitor and mitigate the risk associated with compromised credentials as those credentials hit the marketplace over time, making it easier for dedicated cybersecurity teams to handle situations involving stolen credentials.