What Is Account Takeover?

Any account that has been taken over by someone other than the owner for malicious purposes, typically fraudsters. Bank accounts, credit cards, email and accounts in a marketplace are typical targets because fraudsters can gain financially form these accounts. Bank accounts are usually taken over as a result of phishing, spyware or malware scams.

Account takeover is a form of internet crime, and fraud crimes are committed when money has been lost. Fraudsters normally pose as the real account owner, change account details, make purchases, withdraw money and use the stoel information to gain access to more important accounts.

How Accounts Are Taken Over

There are numerous ways an account can be taken over and not all account takeover is for financial gain but, the majority of account takeover happens for financial fraud. Banks, major marketplaces and companies like Paypal have been dealing with this problem for over a decade. In fact, any website with a login page is a potential victim of account takeover. Once a fraudster gains access to an account they have the power to change the password and lock the real user out before using the stolen account for their private gain.

Here are some of the top ways accounts are taken over.

  1. Hacking of user credentials
  2. Spam containing malware links
  3. Brute force attacks (Credential Stuffing, Credential Cracking)
  4. Phishing (text or email)
  5. Change of address abuse

How To Stop Account Takeover

There are numerous ways to stop account takeover. Some are more effective than others. Staying ahead of fraudsters is important, complicated and the solution depends on the severity of the problem.

Login History

Data used to determine the account owner is logging into the account. Things like a history of IP addresses, cookies and browser sessions can all be used to help identify the account owner. These pieces of information should help guide the decision to further challenge or allow in a user.

IP Reputation

Using the history and reputation of the IP can help stop account takeover. Usage of this method depends on your product. Some products might not see authentication from different types of IPs, which may render this method ineffective. Alternatively, you may be able to stop account takeover by limiting IPs to mobile carriers, consumer IPs, etc.

Multifactor Authentication

This is a common way to add extra security to log in procedure. If a user trying to log in deviates from their known (or allowed) IP or other authentication factors, security can ask that that use a multifactor (MFA). A good example is Google requesting a One-Time-Password from a user.

Email Confirmation

This is a common use authentication technique that happens with a “new device”. You can decide to challenge a log in happening from a new device, limiting potential account takeover attempts.

User Knowledge

Most phishing attempts are broad, and as such don’t know much about their victims. Something called a “who is this?” check occurs after the password, but before completed authentication. Users must prove that they know something specific about the internal information of their account. It can be a photo, a piece of written data, etc. The downside is that targeted phishing attempts may pass this authentication.

These are a few common ways that fraudsters execute account takeover attacks. There are many more.