
Account Takeover (ATO) Fraud

Are Scammers Impersonating You by Gaining Access to Your Accounts?

April 6, 2023 | 15 min read

In a Nutshell

Nowadays, you’re more likely to be robbed online than anywhere else. Fraudsters often do this by compromising your account credentials, then impersonating you and using your accounts. In this article, we'll unpack account takeover fraud, including how it works, why fraudsters do this, what impact it has, and how you can prevent it.

What is ATO Fraud? How it Works & How to Defeat it

When was the last time you changed your account passwords? How often do you change them? Do you have any accounts that share the same password, and does anyone else have access to one of your accounts?

If you’re struggling to answer any of these questions, you could be at serious risk for account takeover fraud.

Scammers use account takeover (or “ATO”) tactics to target individuals, businesses, and banks on a daily basis. It’s crucial for all stakeholders to recognize the gravity of this issue, and take the necessary steps to combat it.

What is Account Takeover Fraud?

Account Takeover Fraud

[noun]/uh • kount • teyk • oh • ver • frawd/

Account takeover fraud, or ATO fraud, is a form of identity theft by which a third party gains access to unique details of a trusted user’s online accounts. Fraudsters can pose as the real customer to change account details, make purchases, withdraw funds, and even leverage the stolen information to access other accounts.

Account takeover fraud occurs when fraudsters hijack your online accounts by obtaining sensitive details. They impersonate you to modify account info, make transactions, withdraw cash, or exploit the stolen data to breach other accounts.

Scammers often target accounts holding financial data or personally identifiable info (name, address, Social Security number, etc.). However, they may also target a variety of different profiles, including:

  • Social media accounts to mislead and manipulate your followers.
  • Email accounts to mine personal info or reset passwords for other accounts.
  • Bank accounts to steal money, infiltrate financial services, or secure loans.
  • Amazon or other shopping accounts to make purchases and steal card info.

The insidious nature of account takeover fraud lies in the scammers' desire to operate undetected, exploiting stolen credentials for as long as they can.


How Do Fraudsters Take Over Accounts?

Technological advances are invariably going to attract bad actors. They look for ways to manipulate new technologies, just as they would manipulate people.

Scammers can use a variety of tactics to get access to your accounts. Here are a few common examples that illustrate how fraudsters can use ATO to their advantage:



Phishing

Phishing is perhaps the most insidious tactic on the list, since it cannot function without the victim’s help. A clever phishing scam doesn’t need much more than an email address and a great line to be effective.

How it Works:

Phishing refers to any practice by which a fraudster tries to trick individuals into revealing personal information, such as passwords and credit card numbers. This can be done through emails purporting to be from reputable sources, dummy sites, etc.

Best Defense:

Merchants should require users to complete two-factor authentication when they log in from a new device or add a new payment method. Consumers can protect themselves by adding similar methods (see the “Layer Up” subsection below).

SIM Card Swapping

A SIM swap scam is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification. Specifically, it works when the second factor or step is a text message or call placed to a mobile telephone.

How it Works:

A fraudster contacts a user’s mobile carrier, telling them they have a new device. The fraudster then uses stolen credentials to gain access to accounts they wish to use, but is able to subvert the two-step authentication process by tricking device fingerprinting methods.

Best Defense:

If a cardholder’s personal details are accessed by someone in another region, or they are suddenly unable to access certain accounts, they should change their credentials immediately. Never reuse credentials on multiple sites. If the device they typically use to access sites is no longer recognized, they should contact their mobile provider immediately.



Malware

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. This is the method by which most fraudsters gain access to systems they haven’t been inadvertently invited to, whether through phishing or by other means.

How it Works:

Most often, malware is injected into a user’s computer through faulty apps, unsecured sites, or through hardware that is inserted into a drive. The malware then tracks keystrokes or other activity to capture login credentials.

Best Defense:

Cardholders should ensure their systems are secure and that they follow security best practices online. For merchants, your employees should only access necessary data through secured networks.


Mobile Banking Trojans

Banking trojans are a type of malware that tries to obtain access to confidential information which is stored or processed through online banking systems.

How it Works:

This is malware 2.0. Instead of targeting your system at large, rooting around for whatever can be sifted from your data, mobile banking trojans are targeted attacks that are designed to escape your notice.

Best Defense:

Cardholders need to guard their banking details carefully. If a site doesn’t look trustworthy, they should never add their payment details. Period.

Man-in-the-Middle Attacks (MitM)

Imagine you’re at a coffee shop and you’re attempting to pay one of your friends for the coffee they purchased for you. Naturally, you log in to a site like Cash App or Zelle and attempt to pay your friend. What you didn’t know was that there was a suspicious individual in the same room, accessing your accounts from the unsecured network you used to make the payment.

How it Works:

This attack is a lot like eavesdropping. A fraudster will position themselves between your data and its reception point on a network in order to redirect that information or payment elsewhere.

Best Defense:

Cardholders should never transmit sensitive information via public Wi-Fi. Also, savvy merchants provide secured Wi-Fi networks for all in-house use, including any that might be consumer-facing.

Brute Force Attacks

This method, known as an exhaustive key search, is exactly what it sounds like. When stealth and subterfuge fail, fraudsters may attempt to bombard your system with a flurry of password cracking attempts. Perhaps this method may seem less dangerous than the others, but the statistics above show that the number one weakness in cybersecurity is password strength.

How it Works:

Brute force attacks involve a fraudster bombarding your firewalls and system checks with a bevy of passwords all at once. The goal is to gain a keyword that might crack the whole system. The attack will often persist until the password is accepted or the keyword is revealed.

Best Defense:

Merchants should budget for strong anti-virus and password management software.

What Do Fraudsters Do With Stolen Accounts?

It doesn’t matter whether you’re an everyday consumer or the owner of a multi-million dollar eCommerce corporation. Your data is valuable.

Scammers will target anyone they can in hopes that they can use that information to steal from as many sources as possible, using the least amount of effort on their part. If a criminal hijacks your account, for instance, they can:

  • Order a new card for unauthorized purchases.
  • Buy a new smartphone via your carrier.
  • Redeem credits, rewards, miles, etc. for their own gain.
  • Make fraudulent payments from your account.
  • Open a bank account under your name.
  • Place orders on shopping or delivery platforms.
  • Redirect unemployment, pension, or Social Security benefits.
  • Steal your personal information.
  • Change your account details like phone, email, address, or credentials.
  • Access other accounts using the same stolen info.
  • Sell your account information on the dark web.

Account takeover fraud is a menacing reality with far-reaching consequences for all parties involved.

For Consumers

Account takeover fraud can lead to financial losses, damaged credit scores, and stolen identities. Consumers may face a long and challenging road to recovery. This often involves dispute resolution processes, credit report corrections, and the painstaking task of rebuilding their financial reputation.

For Businesses

Businesses suffer from chargebacks, lost merchandise, and eroded customer trust. The financial impact can be crippling, and the damage to a company's reputation may lead to customer attrition and reduced market share. If the attack is severe enough, it may cause the entire organization to collapse.

When someone uses your name and credentials to defraud institutions, run scams on friends or loved ones, or expose colleagues and partners to online abuse, it can take years to recover that good faith. By acknowledging and taking ATO fraud seriously, everyone can better protect themselves and contribute to a safer digital landscape.


Responding to the Top 5 ATO Attack Points

Cybercriminals aim to conceal their access to your account to prevent recovery attempts. Here are the top five account takeover attack points, plus the red flags to watch for, and what to do when you identify them:

Account Takeover Bots

Attackers engage in credential stuffing by targeting online shops with automated tools or scripts that attempt repeated logins using randomized credentials.

Red Flags

  • Sudden changes in site traffic, such as multiple login attempts
  • Higher-than-usual login failure rates
  • Downtime caused by increased site traffic

What to do

  • Implement bot detection (e.g., CAPTCHA)
  • Enforce strong password guidelines
  • Use multi-factor authentication (MFA) and risk-based authentication
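
The first two red flags above can be checked directly against login logs. The following is an added example, not code from this article's authors: it flags source IPs whose failed logins span many different accounts in a short window, and lists accounts that logged in successfully from such a source. The log format, thresholds, and function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, assumed format: "<ISO time> <source IP> <user> <OK|FAIL>"
SAMPLE_LOG = """\
2023-04-06T10:00:01 198.51.100.7 alice FAIL
2023-04-06T10:00:02 198.51.100.7 bob FAIL
2023-04-06T10:00:03 198.51.100.7 carol FAIL
2023-04-06T10:00:04 198.51.100.7 dave OK
2023-04-06T10:00:05 198.51.100.7 erin FAIL
2023-04-06T10:00:06 198.51.100.7 frank FAIL
2023-04-06T10:01:10 203.0.113.20 bob FAIL
2023-04-06T10:01:25 203.0.113.20 bob OK
2023-04-06T10:02:00 192.0.2.55 carol FAIL
2023-04-06T10:02:30 192.0.2.55 carol FAIL
2023-04-06T10:03:00 192.0.2.55 carol OK
not a log line
"""

def parse(log):
    """Parse log text into sorted (time, ip, user, ok) tuples, skipping bad lines."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        try:
            when = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events.append((when, parts[1], parts[2], parts[3] == "OK"))
    return sorted(events)

def failure_rate(events):
    """Overall share of failed logins; compare it against your normal baseline."""
    return sum(1 for e in events if not e[3]) / len(events) if events else 0.0

def flag_sources(events, window=timedelta(minutes=5), min_failures=5, min_users=4):
    """Return {ip: (failures, distinct_users)} for IPs failing across many accounts."""
    recent = defaultdict(deque)  # ip -> failed (time, user) pairs still in the window
    flagged = {}
    for when, ip, user, ok in events:
        if ok:
            continue
        q = recent[ip]
        q.append((when, user))
        while when - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        users = {u for _, u in q}
        if len(q) >= min_failures and len(users) >= min_users:
            flagged[ip] = max(flagged.get(ip, (0, 0)), (len(q), len(users)))
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts with a successful login from a flagged IP: treat as taken over."""
    return sorted({user for _, ip, user, ok in events if ok and ip in flagged})

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(failure_rate(ev), flag_sources(ev), accounts_to_reset(ev, flag_sources(ev)))
```

A customer who mistypes a password a few times on one account is not flagged; the signal is one source failing across many accounts.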

Bank Account Takeovers

Hackers access your online bank account to steal personal information, change transfer details, and fraudulently withdraw money.

Red Flags

  • Unfamiliar charges
  • Altered contact information
  • Fraud alerts from your bank or credit monitoring app

What to do

  • Contact your bank's fraud department
  • Reset your passwords
  • Freeze your credit and report fraud to the Federal Trade Commission

Business Email Compromise (BEC)

Scammers access company data by taking over an employee's email account, impersonating the victim, and targeting others for restricted data or payment requests.

Red Flags

  • Generic outreach emails in your outbox
  • Unusual IP addresses or browsers in your account history
  • Numerous password reset emails

What to do

  • Alert your IT team
  • Change your password and add MFA
  • Educate your team on phishing scams

Government Benefit Account Takeovers

Cybercriminals access your online IRS or mySocial accounts to file fraudulent tax returns or claim benefits in your name.

Red Flags

  • Inability to file your tax return electronically
  • Receiving calls or letters about unclaimed benefits

What to do

  • Contact the IRS and complete Form 14039
  • Report fraud to the Social Security Administration

Social Media Account Takeovers

Fraudsters access your social media profiles to harvest personal information, send scams, and post in your name.

Red Flags

  • Friends questioning unusual messages from you
  • Unrequested password reset requests
  • Changes to your profile

What to do

  • Close all active sessions and reset your password
  • Report fraud to the social media site
  • Inform friends and family of the hack

Now you should have a better understanding of how account takeover fraud works, as well as how and why you might be targeted. So, it’s now important to think about how you can avoid becoming a victim in the future.

Even after an account takeover fraud attack happens, there are still preventative actions to take. The key is to learn from past experiences.

Preventing Account Takeover: 5 Tips for Consumers

Cybercriminals are constantly seeking ways to gain unauthorized access to your online accounts. That’s why it's crucial to take preventive measures. To that end, we've compiled a list of five straightforward tips to help the average consumer protect their online presence and keep fraudsters at bay:

Password Perfection

The foundation of account security lies in creating strong, unique passwords. Forget the days of “password123;” you need to embrace the power of a complex passphrase. Use a combination of upper and lowercase letters, numbers, and special characters.


Consider using a trusted password manager like LastPass to help generate and store your passwords securely.


Two-Factor Authentication (2FA)

Adding an extra layer of security is always a good idea. Enable two-factor authentication (2FA) on your accounts whenever possible. This requires a secondary verification method, such as a one-time password (OTP) or biometric data, in addition to your primary password. This ensures that even if your password is compromised, attackers still can't access your account.

Monitor Account Activity

Regularly reviewing your account activity can help you spot any suspicious behavior before it escalates. Set up notifications for unusual transactions, login attempts, or changes to your account information. If you notice anything out of the ordinary, take immediate action by contacting your account provider or changing your password.

Beware of Phishing Attacks

Fraudsters often use phishing emails or messages to trick you into revealing sensitive information. Be vigilant about scrutinizing any email, text message, or social media communication that requests your login credentials or personal data. Remember: legitimate companies will never ask you for your password or sensitive information through these channels.

Keep Software Up-to-Date

Outdated software can be a goldmine for cybercriminals looking to exploit vulnerabilities. Regularly update the operating system, web browsers, and security software on all of your devices to stay protected against new threats.

Account takeover fraud can have serious consequences. But, by implementing these simple steps, you'll be well on your way to securing your online presence. Stay informed, stay vigilant, and stay one step ahead of fraudsters.

Preventing Account Takeover: 5 Best Practices for Merchants

No business is immune to fraud. However, the means to combat fraud are also diversifying. There are now plenty of tools and tactics you can deploy to protect your business and your customers against account takeover fraud.

With that in mind, here are five best practices to get you started:

Check Password Strength

Discourage customers and employees from ever using the same password twice, or sharing one password across multiple accounts. Remembering dozens of sets of login credentials is hard, but password management software like Single Sign-On (SSO) can alleviate password anxiety and keep accounts safe.

Layer Up

Another good idea to protect your data is to deploy a multilayer strategy. Adopt cybersecurity best practices, deploy secondary security processes like security questions, and offer two-step authentication. The more fraud detection mechanisms you have in place, the harder you make it for fraudsters to take advantage of you.

Go High-Tech

Using the biometric identification software enabled on most smartphones and tablets can provide a solid finishing touch to your security plan. Biometric information is much harder to crack than manually entered data. Many mobile payment apps like Apple Pay allow for biometric payment authentication.

Get Virtual

Individuals who work from home can better defend their data by implementing Virtual Private Networks (VPNs) across all web-based platforms. You should also ensure that you always operate according to PCI compliance standards to protect your customers’ data.

Hire a Pro

Fraud prevention services are in high demand. They are proven to drastically reduce breaches that lead to lost revenue. If you manage a multitude of accounts at risk for takeover fraud, third-party software or services might save you the most money in the long run.

Thinking about hiring a third-party fraud prevention specialist? Chargebacks911 can help! With over a decade as an industry leader in fraud and chargeback prevention, Cb911 is uniquely placed to help businesses diversify and streamline their fraud prevention strategies.


What are the characteristics of account takeover fraud?

Account takeover fraud is a form of identity theft that occurs when fraudsters hijack your online accounts by obtaining sensitive details. They gain access to one of your accounts and impersonate you to modify account info, make transactions, withdraw cash, or exploit the stolen data to breach other accounts.

How does account takeover happen?

Account takeover fraud occurs when fraudsters hijack your online accounts by obtaining sensitive details. They impersonate you to modify account info, make transactions, withdraw cash, or exploit the stolen data to breach other accounts.

Scammers often target accounts holding financial data or personally identifiable info (name, address, Social Security number, etc.).

What are red flags for account takeover?

Any activity in your accounts that you don’t recognize could be linked to an account takeover attack. Additional red flags include: altered contact information, notifications about multiple login attempts, receiving calls or letters about unclaimed benefits, numerous password reset emails, or friends and family receiving unusual messages from your account.

How common is account takeover?

In 2022, the FTC received over 1.1 million reports of identity theft, and over $2.6 billion in losses were reported.
