Would You Know If a Scammer Took Over Your Online Accounts?
When 27-year-old financial planner, Andrew, saw a friend on Instagram posting about a huge return on a $3,000 investment, he was skeptical [*]. But after a few back-and-forth messages, he felt confident enough to transfer both money and Bitcoin to his friend’s investment manager.
The only problem? His friend’s Instagram account had been hacked and taken over by scammers. Andrew's $3,000 investment disappeared — along with sensitive information about his financial accounts.
Andrew was caught up in what’s called account takeover fraud (ATO). ATO occurs when scammers trick you into giving up access to your social media, banking, email, or other online accounts.
In 2022, 22% of all U.S. adults fell victim to account takeover fraud – with average losses of $12,000 [*]
ATO has become a serious issue for millions of Americans as well as businesses and financial institutions. Once fraudsters gain access to a victim’s account, they can scam your contacts, drain your bank accounts, or steal your identity.
In this guide, we’ll explain how account takeover fraud happens and what you can you do to protect your online accounts from hackers and scammers.
What is Account Takeover Fraud (ATO)?
Account takeover fraud occurs when criminals successfully gain access to your online accounts.
Scammers target any online account that contains either your financial information (credit card numbers, account details, etc.) or your personally identifiable information (full name, address, Social Security number, etc.).
In account takeover fraud, scammers may try to take over your:
- Social media accounts to impersonate you and run scams on your followers.
- Email account to find your personal information or request password resets to other accounts.
- Online banking accounts to steal your money, break into your financial services, or take out fraudulent loans.
- Amazon or other online customer shopping accounts to make fraudulent purchases on ecommerce sites and steal your credit card numbers.
What’s especially dangerous about account takeover fraud is that scammers don't want their victims to know they've been hacked. Instead, they want to use their stolen credentials and account information, unnoticed, for as long as possible.
How Do Account Takeovers Happen?
Scammers have developed several ways to take over your online accounts, including:
- Buying passwords on the Dark Web. Fraudsters that lack the technical skills to harvest your login details themselves can buy leaked passwords on the Dark Web. For example, a hacked PayPal account can sell for as little as $14 [*].
- Credential stuffing. Scammers use armies of software bots to try thousands of password combinations to break in to your accounts (also known as a “brute-force attack”). Modern password attacks can even avoid website fraud detection and complete captcha requests.
- Phishing attacks using social engineering. Phishing attacks occur when scammers send you emails and texts, or call you on the phone pretending to be a representative from a company you know. They use threatening language to trick you into giving up sensitive information or clicking on links that take you to phishing sites.
- Using malware and key logging software. Hackers can also infect your device with malware and spyware that logs any information you input and sends it to the scammer in real-time.
- Man-in-the-Middle attacks (MitM). A MitM attack takes advantage of weak Wi-Fi security to eavesdrop on your activity. Bad actors can watch what you do online and gather your personally identifiable information (PII).
- Taking advantage of security vulnerabilities. Out-of-date software often includes vulnerabilities. Cybercriminals use these to remotely access your personal data or take over your device.
Do this now: Check if your online accounts are at risk ↓
What Happens if Someone Takes Over Your Online Accounts?
The dangers of account takeover fraud cannot be understated. Think about the sheer quantity of sensitive information that someone could find in your email or social media accounts. Bank account and tax information, credit card details, and more — not to mention sensitive messages, photos, and videos.
Account takeover is also a serious issue for businesses. If scammers break into business accounts, they can cause irreparable damage.
For example, Business Email Compromise (BEC) — in which scammers take over business email accounts — costs companies anywhere from $80,000 to $14.8 million to resolve [*].
How To Spot the Warning Signs of Account Takeover Fraud
Cybercriminals want to hide the fact that they have access to your account (so you don’t try to recover it).
Here are the warning signs of the most common types of account takeover fraud and what you should do:
1. Bank account takeovers
In a bank account takeover attack, cybercriminals successfully gain access to your online bank account. Once in, they can steal your personal information, change and reroute transfer details, and try to fraudulently remove your cash.
Warning signs of bank account takeovers:
- Unfamiliar charges. Look for charges that you don’t recognize — both large and small. Scammers will try to validate your bank account or credit card information by making small purchases first before moving onto larger fraud attempts (this is called “carding”).
- Changes to your phone number or email address. In an account takeover attempt, hackers will often switch your contact information to bypass-two-factor authentication (2FA) controls.
- Fraud alerts from your bank credit monitoring app. Aura’s credit monitoring app constantly monitors all your financial accounts for signs of fraud, and will alert you in near-real time of any suspicious activity.
What to do if hackers gain access to your bank account:
- Contact your bank’s fraud department. Call the number on the back of your debit card and inform them of the fraud. Your bank will freeze or cancel your account and get you set up with a new one.
- Reset your passwords. If you have completely lost access to your bank account, request a password reset to kick out the intruder.
- Freeze your credit with all three major credit bureaus. A credit freeze stops scammers from opening new lines of credit in your name. Contact TransUnion, Equifax, and Experian to report the identity theft, and ask each of them to freeze your credit.
- Report the fraud to the FTC. Account takeovers are a type of identity theft. File an official report with the Federal Trade Commission (FTC) at identitytheft.gov. An official report is required to dispute fraudulent transactions and close accounts.
2. Social media account takeovers
During a social media account takeover, fraudsters gain access to your online profiles. Once in, they can harvest the personal information you used to create the account, read the content in your private messages, send scams to your friends and family, and post publicly in your name.
Warning signs of social media account takeovers:
- You receive texts from friends asking about unusual messages that you’ve supposedly sent them. If multiple friends ask why you’re spamming them with links to advertisements or documents, this can indicate you’ve been hacked.
- Password reset requests. Look for login attempts and password reset requests in your email inbox that you didn’t request.
- You notice changes to your profile. If someone (other than you) starts changing your profile, deleting old posts, or adding new pictures and banners, then you need to take immediate action.
What to do if hackers gain access to your social media accounts:
- Close all active sessions and reset your password. Most social media sites will show you from what devices (and where) your account is logged in (i.e., Instagram’s Login Activity). Force any session or device you don’t recognize to log out, and then change your password immediately.
- Report the fraud to the social media site. Contact customer support, and let them know that someone has taken over your account so that they can deactivate it or return access to you.
- Contact your friends and family. Tell your friends and family members that you’ve been hacked so they don’t get tricked into clicking on a phishing scam or malware attachment that they believe was sent by you.
3. Government benefit account takeovers
In a government benefit account takeover, cybercriminals gain access to your online IRS or mySocial accounts to file fraudulent tax returns or claim benefits in your name (and reroute the payment to their accounts).
Warning signs of government account takeovers:
- You can’t file your tax return electronically. Be especially cautious if you go to file a tax return but are told by the IRS that someone has already filed one under your Social Security number (SSN).
- You receive calls or letters about benefits that you haven’t received. If the government sends you letters related to benefits you haven’t received, then it’s time to investigate further.
What to do if hackers gain access to your online government accounts:
- Contact the IRS. Contact the IRS immediately to notify them that someone has taken control of your account. You will need to fill out Form 14039 — the IRS Identity Theft Affidavit.
- Contact the Social Security Administration (SSA). Report the fraud to the state workforce agencies in the state(s) where it took place. (The U.S. Department of Labor has a list of state fraud hotlines here.)
4. Business Email Compromise (BEC)
Business data is big business for scammers who sell it on the Dark Web or use it for further attacks. In a BEC attack, scammers gain access to a company’s protected data by taking over an employee’s email account.
Once scammers control the account, they impersonate the victim and target other employees or customers to gain access to restricted data or request payment for services or invoices.
Warning signs of BEC:
- You find many generic outreach emails in your outbox. If you’re looking through old sent emails and find lots of spam, then it’s time to take a closer look.
- Unusual IP addresses or browsers in your account history. If you check your account history and find that someone has logged in from an unusual browser or device, then this is a strong indicator of compromise.
- Password reset emails. If someone tries to brute-force hack your account, there will be lots of password reset emails in your inbox — not just for your email but potentially other accounts as well — especially if you reuse passwords.
What to do if hackers gain access to your business email account:
- Notify your IT team immediately. Don’t wait to contact your IT department if you think your email has been compromised. Let them know right away so that they can work to contain the incident and stop a potential data breach.
- Change your password and add two factor or multi-factor authentication (2FA or MFA). If you think someone has broken into your account, change your password and add 2FA or MFA so that even if scammers know your password, they won’t be able to log in without a one-time passcode.
- Educate your team on the warning signs of a phishing scam. Increase your team’s natural fraud prevention toolset by showing them what a typical phishing attack looks like.
Did a Scammer Take Over Your Accounts? Do This
If scammers have taken over any of your accounts, you need to act quickly. The longer they have access to your account, the more damage they can do.
Here’s what you can do to regain control of your compromised accounts:
- Contact the account provider to notify them that your account was breached. Follow the steps for regaining access to your account.
- Update all software and apps to eliminate potential vulnerabilities.
- Install antivirus and anti-malware on your devices to make sure scammers can’t keep spying on you.
- Change your passwords so that attackers can’t continue to log into your accounts.
- Set up 2FA or MFA to protect against credential theft.
- Contact your IT department immediately. The cost of an account compromise rises with every minute that a hacker has access to your network.
- Remove permissions for the compromise account, and then reset your passwords.
- Alert users or customers if their account has been frozen by the anti-fraud team.
- Report the incident to the local police, along with state and federal authorities.
The Bottom Line: Keep Your Accounts Safe from Scammers
While account takeover fraud can be addressed after a breach, it’s much easier and less stressful to prevent unauthorized access from taking place in the first place.
Being aware of the real risks of account takeover fraud, ATO fraud, and ATO attacks is part of the battle in protecting your information.
Fortunately there are a number of simple actions you can take to drastically reduce your chances of being hacked:
- Never reuse passwords across accounts. Instead, use a password manager to keep track of your account logins.
- Always use secure (and unique) passwords, and enable 2FA with an authenticator app (rather than via text/SMS).
- Use a Dark Web scanner to see if your information has been leaked online.
- Check active login sessions on your social media and email accounts, and force any unrecognized devices to log out.
- Install antivirus software to protect against password-stealing malware.
- Use a VPN to protect your home wi-fi network against man-in-the-middle attacks.
Finally, for added protection, consider signing up for Aura’s all-in-one digital security solution. Aura protects you and your family against online scammers who try to take over your accounts, steal your money, or worse.