What is Account Takeover?Defining the Threat Posed by ATO Attacks
In a Nutshell
You probably have dozens or even hundreds of online accounts… each of which can be turned against you. In this article, we provide an overview of what account takeovers are and describe the three-stage process that criminals use to hijack your digital life.
What are Account Takeover (ATO) Attacks?
How many online accounts do you have? Think about it: you probably keep your money at a few different banks, shop at a few online stores, have half a dozen or so subscription services… and that’s just getting started.
If your answer is “too many to count,” you’re probably right. According to NordPass, the average person maintains a whopping 168 online accounts. And, that figure has grown by 70% over the last three years.
From the cybersecurity expert (or chronic worrier’s) perspective, each of these accounts is a vulnerability; a target for scammers to break into and hijack for their own use in an attack known as an account takeover.
In this article, we’ll talk about this scam in detail. I’ll explain to you what account takeover is, how it’s carried out, and how you can keep your accounts — and yourself — safe.
Online Accounts Are a Dime a Dozen.
That’s a good deal for fraudsters looking to commit account takeover fraud.
Request a Demo
- Account Takeover Fraud
Account takeover fraud, or ATO fraud, is a form of identity theft by which a third party gains access to unique details of a trusted user’s online accounts. Fraudsters can pose as the real customer to change account details, make purchases, withdraw funds, and even leverage the stolen information to access other accounts.
[noun]/uh • kount • teyk • oh • ver • frawd/
Scammers often target accounts holding financial data or personally identifiable info (name, address, Social Security number, etc.). However, they may also target a variety of different profiles, including:
- Social media accounts can be used to mislead and manipulate your followers.
- Email accounts to mine personal info or reset passwords for other accounts.
- Bank accounts to steal money, infiltrate financial services, or secure loans.
- Amazon or other shopping accounts to make purchases and steal card info.
The insidious nature of account takeover fraud lies in the scammer’s desire to operate undetected, exploiting stolen credentials for as long as they can.
How Does Account Takeover Work?
Account takeovers happen when attackers gain access to username and password combinations through illicit means, and then use these stolen credentials to gain unauthorized access to online accounts that do not belong to them.
But, how exactly does an account takeover attack happen? It’s actually pretty simple:
