How To Protect Yourself From Account Takeover Fraud (ATO)

J.R. Tietsort

Chief Information Security Officer at Aura

    Would You Know If a Scammer Took Over Your Online Accounts?

    When 27-year-old financial planner, Andrew, saw a friend on Instagram posting about a huge return on a $3,000 investment, he was skeptical [*]. But after a few back-and-forth messages, he felt confident enough to transfer both money and Bitcoin to his friend’s investment manager.   

    The only problem? His friend’s Instagram account had been hacked and taken over by scammers. Andrew's $3,000 investment disappeared — along with sensitive information about his financial accounts.

    Andrew was caught up in what’s called account takeover fraud (ATO). This occurs when scammers trick you into giving up access to your social media, banking, email, or other online accounts.

    In 2021 alone, account takeover attempts jumped by 148% [*]. ATO has become a serious issue for millions of Americans as well as businesses and financial institutions. Once fraudsters gain access to your online accounts, they will scam your contacts, drain your bank accounts, or steal your identity.

    So, how does account takeover fraud happen? And what can you do to protect your bank accounts, identity, and sensitive information from being stolen? 

    What is Account Takeover Fraud (ATO)? 

    Account takeover fraud occurs when criminals successfully gain access to your online accounts. 

    Scammers target any online account that contains either your financial information (credit card numbers, account details, etc.) or your personally identifiable information (full name, address, Social Security number, etc.). 

    For example, scammers may try to take over your: 

    • Social media accounts to impersonate you and run scams on your followers. 
    • Email account to find your personal information or request password resets to other accounts.
    • Online banking accounts to steal your money, break into your financial services, or take out fraudulent loans.
    • Amazon or other online customer shopping accounts to make fraudulent purchases on ecommerce sites and steal your credit card numbers.

    What’s especially dangerous about account takeover fraud is that scammers don't want their victims to know they've been hacked. Instead, they want to use their stolen credentials and account information, unnoticed, for as long as possible.

    Take action: If scammers have access to your online accounts, your bank account, email, and identity could be at risk. Try Aura’s identity theft protection free for 14 days to secure your identity against scammers.

    How Do Account Takeovers Happen? 

    Scammers have developed several ways to take over your online accounts, including: 

    • Phishing attacks using social engineering. Phishing attacks occur when scammers send you emails and texts, or call you on the phone, pretending to be a representative from a company you know. They use threatening language to trick you into giving up sensitive information or clicking on links that take you to phishing sites.
    Scammers will try to get you to click on links in phishing messages that steal your login credentials. Source: Aura team
    • Credential stuffing. Scammers use software that tries thousands of password combinations to break in (also known as a “brute-force attack”). Modern password attacks can even avoid website fraud detection.  
    • Buying passwords on the Dark Web. Fraudsters that lack the technical skills to harvest your login details themselves can buy leaked passwords on the Dark Web. For example, a hacked PayPal account can sell for as little as $14 [*].
    • Using malware and key logging software. Hackers can also infect your device with malware and spyware that logs any information you input and sends it to the scammer in real-time.  
    • Man-in-the-Middle attacks (MitM). A MitM attack takes advantage of weak Wi-Fi security to eavesdrop on your activity. Bad actors can watch what you do online and gather your personally identifiable information (PII).
    • Taking advantage of security vulnerabilities. Out-of-date software often includes vulnerabilities. Cybercriminals use these to remotely access your personal data or take over your device. 

    What Happens if Someone Takes Over Your Online Accounts? 

    The dangers of account takeover fraud cannot be overstated. Think about the sheer quantity of sensitive information that someone could find in your email or social media accounts: bank account and tax information, credit card details, and more — not to mention sensitive messages, photos, and videos.

    Account takeover is also a serious issue for businesses. If scammers break into business accounts, they can cause irreparable damage. 

    For example, Business Email Compromise (BEC) — in which scammers take over business email accounts — costs companies anywhere from $80,000 to $14.8 million to resolve [*].

    For individuals:
    • Identity theft. Successful account takeovers give scammers enough information to steal your identity.
    • Financial losses. Scammers can empty your accounts or make fraudulent purchases. If you don’t notice the fraudulent charges immediately, there’s a risk that you will be left to front the cost.
    • Further account takeovers. If a cybercriminal breaks into one of your accounts, they'll attempt to take over others.

    For businesses:
    • Loss of customers. Data breaches can ruin the customer experience and make users lose confidence in your security measures.
    • Reputation damage. Companies that compromise user accounts are seen as having a lax attitude about data privacy.
    • Higher processing fees. Every chargeback from “friendly fraud” and transaction disputes can drive up processing fees.

    While businesses have tools to try to detect fraud, consumers don’t always have that same level of digital security.

    So, how can you tell if someone is trying to take over your account?

    The Warning Signs of Account Takeover Fraud (and What To Do) 

    Cybercriminals want to hide the fact that they have access to your account (so you don’t try to recover it). 

    Here are the warning signs of the most common types of account takeover fraud and what you should do:

    1. Bank account takeovers 

    In a bank account takeover attack, cybercriminals successfully gain access to your online bank account. Once in, they can steal your personal information, change and reroute transfer details, and try to fraudulently remove your cash. 

    ⚠️ Warning signs of bank account takeovers 
    • Unfamiliar charges. Look for charges that you don’t recognize — both large and small. Scammers will try to validate your bank account or credit card information by making small purchases first before moving on to larger fraud attempts (this is called “carding”).
    • Changes to your phone number or email address. Hackers will switch your contact information to bypass two-factor authentication (2FA) controls.
    • Fraud alerts from your bank or credit monitoring app. Aura’s credit monitoring app constantly monitors all your financial accounts for signs of fraud, and will alert you in near-real time of any suspicious activity.
    What to do if a criminal takes over your online bank account 
    • Contact your bank’s fraud department. Call the number on the back of your debit card and inform them of the fraud. Your bank will freeze or cancel your account and get you set up with a new one. 
    • Reset your passwords. If you have completely lost access to your bank account, request a password reset to kick out the intruder.
    • Freeze your credit with all three major credit bureaus. A credit freeze stops scammers from opening new lines of credit in your name. Contact TransUnion, Equifax, and Experian to report the identity theft, and ask each of them to freeze your credit.
    • Report the fraud to the FTC. Account takeovers are a type of identity theft. File an official report with the Federal Trade Commission (FTC) at identitytheft.gov. An official report is required to dispute fraudulent transactions and close accounts.
    Take action: If you accidentally give scammers your personal data (or it’s leaked in a data breach), they could take out loans in your name or empty your bank account. Try an identity theft protection service to monitor your finances and alert you to fraud.

    2. Social media account takeovers 

    During a social media account takeover, fraudsters gain access to your online profiles. Once in, they can harvest the personal information you used to create the account, read the content in your private messages, send scams to your friends and family, and post publicly in your name. 

    ⚠️ Warning signs of a social media account takeover
    • You receive messages from friends asking about unusual messages that you’ve supposedly sent them. If multiple friends ask why you’re spamming them with links to advertisements or documents, this can indicate you’ve been hacked. 
    • Password reset requests. Look for login attempts and password reset requests in your email inbox that you didn’t request.
    • You notice changes to your profile. If someone (other than you) starts changing your profile, deleting old posts, or adding new pictures and banners, then you need to take immediate action. 
    What to do if a criminal takes over your social media account
    • Close all active sessions and reset your password. Most social media sites will show you which devices (and locations) your account is logged in from (e.g., Instagram’s Login Activity). Force any session or device you don’t recognize to log out, and then change your password immediately.
    • Report the fraud to the social media site. Contact customer support, and let them know that someone has taken over your account so that they can deactivate it or return access to you. 
    • Contact your friends and family. Tell your friends and family members that you’ve been hacked so they don’t get tricked into clicking on a phishing scam or malware attachment that they believe was sent by you. 

    3. Government benefit account takeovers 

    In a government benefit account takeover, cybercriminals gain access to your online IRS or mySocial accounts to file fraudulent tax returns or claim benefits in your name (and reroute the payment to their accounts).

    ⚠️ Warning signs of a government benefit account takeover 
    • You can’t file your tax return electronically. Be especially cautious if you go to file a tax return but are told by the IRS that someone has already filed one under your Social Security number (SSN).
    • You receive calls or letters about benefits that you haven’t received. If the government sends you letters related to benefits you haven’t received, then it’s time to investigate further. 
    What to do if a criminal takes over your government benefit account 
    • Contact the IRS. Contact the IRS immediately to notify them that someone has taken control of your account. You will need to fill out Form 14039 — the IRS Identity Theft Affidavit. 
    • Contact the Social Security Administration (SSA). Report the fraud to the state workforce agencies in the state(s) where it took place. (The U.S. Department of Labor has a list of state fraud hotlines here.)

    4. Business Email Compromise (BEC) 

    Business data is big business for scammers who sell it on the Dark Web or use it for further attacks. In a BEC attack, scammers gain access to a company’s protected data by taking over an employee’s email account. 

    BEC scammers will sometimes fake an executive’s email address to try and run their scam. Source: Aura Team

    Once scammers control the account, they impersonate the victim and target other employees or customers to gain access to restricted data or request payment for services or invoices.

    ⚠️ Warning signs of a Business Email Compromise (BEC) 
    • You find many generic outreach emails in your outbox. If you’re looking through old sent emails and find lots of spam, then it’s time to take a closer look. 
    • Unusual IP addresses or browsers in your account history. If you check your account history and find that someone has logged in from an unusual browser or device, then this is a strong indicator of compromise. 
    • Password reset emails. If someone tries to brute-force hack your account, there will be lots of password reset emails in your inbox — not just for your email but potentially other accounts as well — especially if you reuse passwords. 
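    The two log-based warning signs above (unfamiliar IP addresses or browsers, and a burst of password reset emails) can be checked mechanically. The Python below is an added example, not code from Aura or any email provider; the sample history, the /24 network grouping, and the thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample data, not real account history: (time, source IP, browser)
SIGN_INS = [
    ("2024-03-01T08:58:00", "198.51.100.23", "Firefox/Windows"),
    ("2024-03-02T09:03:00", "198.51.100.87", "Firefox/Windows"),
    ("2024-03-04T09:01:00", "198.51.100.23", "Firefox/Windows"),
    ("2024-03-05T03:12:00", "203.0.113.77", "Chrome/Linux"),
    ("2024-03-05T09:05:00", "198.51.100.40", "Firefox/Windows"),
]
# Constructed arrival times of password reset emails found in the inbox
RESET_EMAILS = [
    "2024-03-05T03:14:00", "2024-03-05T03:15:30", "2024-03-05T03:16:10",
    "2024-03-05T03:19:00", "2024-02-10T12:00:00",
]

def subnet(ip):
    """Group IPv4 addresses by /24 so ordinary address churn is not flagged."""
    return str(ip_network(f"{ip}/24", strict=False))

def unusual_sign_ins(events, baseline_count=3):
    """Treat the earliest `baseline_count` sign-ins as known-good and flag
    later ones whose network or browser was not seen in that baseline."""
    events = sorted(events)  # ISO timestamps sort chronologically
    known_nets = {subnet(ip) for _, ip, _ in events[:baseline_count]}
    known_browsers = {ua for _, _, ua in events[:baseline_count]}
    flagged = []
    for ts, ip, ua in events[baseline_count:]:
        reasons = []
        if subnet(ip) not in known_nets:
            reasons.append("new network")
        if ua not in known_browsers:
            reasons.append("new browser")
        if reasons:  # flagged events are never added to the baseline
            flagged.append((ts, ip, ua, reasons))
    return flagged

def reset_burst(timestamps, threshold=3, window=timedelta(minutes=10)):
    """Return (first, last) ISO times of the earliest run of at least
    `threshold` reset emails inside `window`, or None if there is none."""
    times = sorted(datetime.fromisoformat(t) for t in timestamps)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:  # slide the window forward
            start += 1
        if end - start + 1 >= threshold:
            return times[start].isoformat(), t.isoformat()
    return None

if __name__ == "__main__":
    for hit in unusual_sign_ins(SIGN_INS):
        print("unusual sign-in:", hit)
    print("reset burst:", reset_burst(RESET_EMAILS))
```

    An unusual sign-in that falls within minutes of a reset burst, as in the sample data, is a stronger signal than either finding alone.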
    What to do if a criminal compromises your business email 
    • Notify your IT team immediately. Don’t wait to contact your IT department if you think your email has been compromised. Let them know right away so that they can work to contain the incident and stop a potential data breach. 
    • Change your password and add two-factor or multi-factor authentication (2FA or MFA). If you think someone has broken into your account, change your password and add 2FA or MFA so that even if scammers know your password, they won’t be able to log in without a one-time passcode.
    • Educate your team on the warning signs of a phishing scam. Increase your team’s natural fraud prevention toolset by showing them what a typical phishing attack looks like. 

    Did a Scammer Take Over Your Accounts? Do This! 

    If scammers have taken over any of your accounts, you need to act quickly. The longer they have access to your account, the more damage they can do. 

    Here’s what you can do to regain control of your compromised accounts:

    For individuals: 
    • Contact the account provider to notify them that your account was breached. Follow the steps for regaining access to your account.
    • Update all software and apps to eliminate potential vulnerabilities. 
    • Install antivirus and anti-malware on your devices to make sure scammers can’t keep spying on you. 
    • Change your passwords so that attackers can’t continue to log into your accounts.
    • Set up 2FA or MFA to protect against credential theft.
    Take action: Protect yourself from the risks of identity theft and fraud with Aura’s $1,000,000 in identity theft insurance. Try Aura free for 14 days to see if it’s right for you.
    For businesses: 
    • Contact your IT department immediately. The cost of an account compromise rises with every minute that a hacker has access to your network. 
    • Remove permissions for the compromised account, and then reset your passwords.
    • Alert users or customers if their account has been frozen by the anti-fraud team. 
    • Report the incident to the local police, along with state and federal authorities.

    The Bottom Line: Keep Your Accounts Safe from Scammers 

    While account takeover fraud can be addressed after a breach, it’s much easier and less stressful to prevent unauthorized access from taking place in the first place. 

    Being aware of the real risks that result from account takeovers, ATO fraud, and ATO attacks is part of the battle in protecting your information. 

    Fortunately, there are a number of simple actions you can take to drastically reduce your chances of being hacked:

    • Never reuse passwords across accounts. Instead, use a password manager to keep track of your account logins.
    • Always use secure (and unique) passwords, and enable 2FA with an authenticator app (rather than via text/SMS). 
    • Use a Dark Web scanner to see if your information has been leaked online.
    • Check active login sessions on your social media and email accounts, and force any unrecognized devices to log out. 
    • Install antivirus software to protect against password-stealing malware. 
    • Use a VPN to protect your home Wi-Fi network against man-in-the-middle attacks.

    Finally, for added protection, consider signing up for Aura’s all-in-one digital security solution. Aura protects you and your family against online scammers who try to take over your accounts, steal your money, or worse. 
