Account takeover attack: Here’s a close view of one of the most favored attack techniques of fraudsters

• Organizations that offer more services on their websites such as customer loyalty rewards are more liable to such attacks.
• Account takeover attacks are usually performed to conduct financial fraud, spamming, phishing attacks and virtual currency fraud.

Account takeover attacks are increasing at a fast pace. A report from Forter has revealed that cybercriminals are using botnets to launch more than 100 of these attacks every second. Around 20% to 30% of these account takeover attacks are launched by organized hacking groups. Account takeover is the easy way for cybercriminals to get the information they need.

What is account takeover attack?

Account takeover attack (ATO) is a form of identity theft attack where a fraudster gets unauthorized access to a victim’s bank or online e-commerce account. The unauthorized access can be obtained by stealing credentials for email accounts. Such attacks fuel the underground market forums with compromised accounts, which are sold or exchanged for a variety of other malicious attacks.

Account takeover attacks are usually performed to conduct financial fraud, spamming, phishing attacks and virtual currency fraud.

The primary targets

Organizations that offer more services on their websites such as customer loyalty rewards are more liable to such attacks. The Forrester report reveals that loyalty programs and rewards have increased the risk of account takeover attacks by as much as 200% in 2018. Another report from Barracuda has disclosed that almost 29% of organizations had their Office 365 accounts compromised by hackers in March 2019 due to account takeover attacks.

How does it work?

An organized hacking group perform account takeover at large scale by leveraging massive bot armies. These bots try to attempt brute-force attacks on targeted consumer-facing websites. A vast majority of the attempts involve accounts that have all valid email addresses registered with a particular retailer.

The fraudsters obtain this massive amount of credentials in various ways which include:

• Purchasing credentials via dark websites;
• Searching publicly available databases or on social media;
• Conducting a phishing scam through email or messaging services;
• Leveraging malware to install a keylogger to records data;
• Using a brute-force password cracking tool.

Impact

A successful ATO attack can result in dire consequences. The fraudsters can acquire personal information such as billing address, credit card number, or social security number. The attackers can even change the existing contact information, place fraudulent orders or even lock the customer out of the account using the ATO attack.

How to prevent it?

Users are advised to follow some basic security measures to stay safe from account takeover attack such as:

• Using strong passwords with two-step authentication factor;
• Using spam filters to spot anomalies in emails;
• Monitoring the inbox periodically for suspicious activity;
• Keeping a track of all online shopping accounts;
• Not connecting to public Wi-Fi for banking. In case of urgency, use VPN for such activities.