Sixty-five percent of accounts that experience an account takeover attack — when an outsider logs in with a victim’s own username and password — have not been accessed by their true owner in more than 90 days, according to forthcoming research from DataVisor, a California-based startup specializing in fraud detection. When an account is dormant for awhile, it’s easier for a crook to use an unsophisticated method to get in, take what they want and get out before they’re caught. “Additionally, the online service where the account is registered may not have enough information about the user to detect that there is a change in the account behavior. It’s different for social media accounts, where hackers can afford to linger for some timebefore they risk exposing themselves by taking action. In one large attack, DataVisor found, 81 percent of the compromised accounts started posting spam and attempted scam messages three weeks after initially logging in.