Account takeover fraud
Free on-demand webinar
By ATB Financial 11 February 2021
As account takeover fraud continues to grow and evolve at an alarming rate, so do the techniques used by cybercriminals. As a business owner, have you evaluated your vulnerabilities and risks to account takeover fraud at a time when some or most of your employees have shifted to a virtual environment? In this 60-minute webinar we discuss the anatomy of an account takeover, what happens beyond the theft, and the fraud tactics business owners should be aware of in order to mitigate risk. Some areas we will explore include:
- What are the most valuable targets?
- Modern password authentication
- How hackers use social engineering to take over your accounts
- Password theft ecosystem
- A look into the Deep Dark Web
- Mitigating your risks of account takeover and security best practices
- Protecting your business from a corporate account takeover
All organizations are at risk.
There are 10 billion records of stolen credentials derived from about 100,000 data breaches available to cybercriminals across the dark web. These records can be used for an account takeover (ATO), which occurs when a fraudster uses legitimate credentials to log into an account for financial gain, to purchase products or to gather information. Any account that requires some form of authentication or credentials is at risk, but the businesses at highest risk are:
- Retail and e-commerce where accounts are tied directly to goods and services
- Video streaming services, social media and entertainment where cybercriminals can gain unauthorized access and collect personal information on users
- Banking and financial institutions as they control large amounts of money
- Higher-education institutions, which are rich with data on staff and students and hold highly sought-after research data and intellectual property
- The healthcare sector, where fraudsters can gain access to billing data and medical records
Understanding the cycle of fraud can help protect your organization.
Before an ATO takes place, fraud actors or threat groups use an attack vector, such as phishing, malware or a credential breach, to obtain the credentials they need to launch the attack. Blocking those vectors denies them the credentials the takeover depends on, so it is important to understand how to protect against each of them.
Once credentials have been stolen, cybercriminals use bots to verify them by replaying them against thousands of websites, a technique known as credential stuffing. Because people tend to reuse the same passwords, one credential breach often leads to malicious activity across multiple sites. After the credentials are verified, the working ones are entered, often by hand, to extract value from the account. This all happens very quickly, so an affected individual or business may not even know they've fallen victim.
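The verification step described above leaves a distinctive trace in authentication logs: a single source address trying many different accounts within a short time, most of them failing, with an occasional success where a reused password happened to work. The following is an added example, not part of the webinar or of ATB Financial's material, of detection logic run over a constructed sample of login events. The log line format, the 60-second window and the thresholds are assumptions chosen for illustration and should be tuned to real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample of authentication log lines (not real traffic; the addresses are
# RFC 5737 documentation ranges). Assumed format, one event per line:
#   <ISO-8601 UTC timestamp> src=<client IP> user=<username> result=<success|failure>
SAMPLE_LOG = """
2021-02-11T09:00:01Z src=203.0.113.7 user=alice result=failure
2021-02-11T09:00:04Z src=203.0.113.7 user=bob result=failure
2021-02-11T09:00:05Z src=198.51.100.20 user=alice result=failure
2021-02-11T09:00:07Z src=203.0.113.7 user=carol result=failure
2021-02-11T09:00:10Z src=203.0.113.7 user=dan result=success
2021-02-11T09:00:13Z src=203.0.113.7 user=erin result=failure
2021-02-11T09:00:16Z src=203.0.113.7 user=frank result=failure
2021-02-11T09:00:19Z src=203.0.113.7 user=grace result=failure
2021-02-11T09:00:22Z src=203.0.113.7 user=heidi result=failure
2021-02-11T09:00:30Z src=198.51.100.20 user=alice result=failure
2021-02-11T09:00:55Z src=198.51.100.20 user=alice result=success
2021-02-11T09:01:10Z src=198.51.100.21 user=bob result=success
this line is deliberately malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>success|failure)$"
)


def parse_log(text):
    """Parse log text into (timestamp, src, user, succeeded) tuples sorted by time.
    Lines that do not match the assumed format are skipped rather than crashing the job."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((ts, m["src"], m["user"], m["result"] == "success"))
    events.sort(key=lambda e: e[0])
    return events


def detect_stuffing(events, window=timedelta(seconds=60), min_users=5, min_failure_ratio=0.7):
    """Flag source IPs that, within any `window`, tried at least `min_users` distinct
    accounts with a failure ratio of at least `min_failure_ratio`.

    A legitimate user who mistypes a password hits one account repeatedly; a credential
    stuffing bot spreads a few attempts over many accounts, so the distinct-user count is
    the discriminating signal, not raw failure volume. For each flagged IP the result also
    lists `hits`: accounts that logged in successfully from it, i.e. the credentials that
    worked and need a forced reset and session revocation."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)

    findings = {}
    for src, evs in by_src.items():  # evs are already time-ordered
        best = None
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward past events that are too old
            span = evs[start:end + 1]
            users = {e[2] for e in span}
            failures = sum(1 for e in span if not e[3])
            ratio = failures / len(span)
            if len(users) >= min_users and ratio >= min_failure_ratio:
                if best is None or len(users) > best["distinct_users"]:
                    best = {
                        "distinct_users": len(users),
                        "attempts": len(span),
                        "failures": failures,
                        "failure_ratio": round(ratio, 3),
                        "hits": sorted({e[2] for e in span if e[3]}),
                        "window_start": span[0][0].isoformat(),
                    }
        if best:
            findings[src] = best
    return findings


if __name__ == "__main__":
    for src, f in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{src}: {f['distinct_users']} accounts, {f['failures']}/{f['attempts']} failed, "
              f"successful logins: {f['hits'] or 'none'}")
```

On the constructed sample only 203.0.113.7 is flagged: eight accounts in 21 seconds, seven failures and one success against `dan`, whose reused password is the one to reset. The user at 198.51.100.20 fails twice on a single account and then logs in, which is ordinary behaviour and stays below the distinct-user threshold. Attackers who spread attempts across many source addresses defeat a per-IP rule, so in practice the same window logic is also run per account and per user-agent or device fingerprint.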
At this point, the cybercriminals might sell the data on the dark web, where it can be worth a lot of money, and the cycle starts again with new fraudsters. On average, stolen credentials are sold and resold on the dark web at least 10 times.
Or, they might take over the identity and accounts of the person or business attached to the credentials to buy expensive items, take out a loan or additional lending products or even commit fraud or illegal activities like money laundering. The repercussions of an identity takeover can last years or even a lifetime.
Protection begins with a plan.
The first and most important step in protecting your business is to develop a security plan. Begin by evaluating the ATO risk profile of your organization. Assess the cybersecurity measures already in place and evaluate them for current or future risks.
Ensure that cybersecurity and cybercrime are included in your organization’s corporate risk assessment and business continuity plans. Know what will be done in the event of a data breach, what immediate steps will need to be taken and what the escalation process will be. Document this information and keep it where it’s easily accessible.
Also ensure you’ve identified the most critical assets of the business such as data, client files and email servers, and determine how those assets will be protected. Create a risk register that prioritizes potential risks and look for tools to mitigate those risks.
Once a plan has been developed, it should be tested as though a fraud event or breach has already occurred. This will expose gaps or weaknesses in the plan and allow employees to become comfortable with what they need to do in the event of a real breach. Businesses may want to consider engaging a cybersecurity expert to help develop, implement and test their security measures.
Creating a secure environment is important.
Businesses need to secure their online environment. This includes encrypting sensitive data, requiring strong, unique passwords (a password manager makes this practical for staff), enabling multi-factor authentication wherever it is offered so that a stolen password alone is not enough to log in, changing passwords promptly whenever compromise is suspected, and checking new passwords against known-breached credential lists. Data restrictions should also be in place so data is only available to employees whose job duties require it. Employees are the first line of defense, so they should be trained on cybersecurity risks and how to mitigate them.
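The billions of breached credential records mentioned earlier can be turned into a defence: check every new or changed password against a breach corpus before accepting it, which stops employees from choosing a password the fraudsters already hold. The k-anonymity range query used by the Have I Been Pwned Pwned Passwords service lets a client do this without sending the password, or even its full hash, to the server. The following is an added example, not code from the page or from ATB Financial; the corpus is a constructed four-entry stand-in held in memory, and `range_lookup` simulates the server side so the whole thing runs offline.

```python
import hashlib
from collections import Counter

# Constructed stand-in for a breached-credential corpus, keyed by upper-case hex SHA-1 of
# the password as the Pwned Passwords dataset is. Real corpora hold billions of entries;
# these four passwords and their counts are made up for the example.
_CONSTRUCTED_BREACHES = Counter({
    "password123": 120_000,
    "qwerty": 3_800_000,
    "letmein": 250_000,
    "Summer2021!": 900,
})
CORPUS = {hashlib.sha1(p.encode("utf-8")).hexdigest().upper(): n
          for p, n in _CONSTRUCTED_BREACHES.items()}


def range_lookup(prefix):
    """Simulated server side of a k-anonymity range query: the client sends only the first
    five hex characters of its hash and receives every (35-character suffix, count) pair
    under that prefix. The server never learns which suffix the client actually holds."""
    if len(prefix) != 5:
        raise ValueError("range queries take exactly a 5-character hash prefix")
    prefix = prefix.upper()
    return [(h[5:], n) for h, n in CORPUS.items() if h.startswith(prefix)]


def breach_count(password):
    """Client side: hash locally, query by prefix only, match the suffix locally.
    Returns how many times the password appeared in breaches (0 = not found)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for candidate_suffix, count in range_lookup(prefix):
        if candidate_suffix == suffix:
            return count
    return 0


def password_accepted(password, min_length=8):
    """Policy check for a new password: long enough and absent from known breaches.
    Breach membership is a hard reject regardless of how 'complex' the string looks:
    'Summer2021!' satisfies typical complexity rules yet sits in the corpus."""
    if len(password) < min_length:
        return False, "too short"
    n = breach_count(password)
    if n:
        return False, f"seen in breaches {n} times"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("Summer2021!", "correct horse battery staple 2021"):
        print(candidate, "->", password_accepted(candidate))
```

In a production version `range_lookup` would be an HTTPS request to the Pwned Passwords range endpoint (`https://api.pwnedpasswords.com/range/<prefix>`) or to an internally mirrored copy of the corpus; the suffix comparison stays on the client either way. SHA-1 is used here only because it is the key format of that dataset, not as a recommendation for storing passwords, which should be hashed with a slow, salted algorithm such as bcrypt or Argon2.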
Businesses also need to secure their financial environment. For instance, they may want to designate a computer that’s solely used for online banking and isn’t connected to the corporate network. And they should work with their bank, which may have programs that can help protect businesses from unauthorized transactions.
If an attack does take place, disconnect the affected device from the network, contact your financial institution, consider closing the accounts and changing account numbers, sweep the other devices on the same network for malware, change all passwords and revoke any active sessions or access tokens (a password change alone does not end sessions the attacker already holds), and consider contacting law enforcement.
While we want this information to be useful for you, we make no promise, representation or warranty about its accuracy or completeness. We don’t accept any liability or responsibility whatsoever for any loss arising from any use of this document or its contents. This information is not kept up-to-date. Without our prior consent, this document may not be reproduced in whole or in part, or referred to in any manner, including any information, opinions and conclusions it contains. This document is provided for information purposes only and is not intended to replace or substitute for professional advice.