What is an Account Takeover Attack?

Account takeover (ATO) is a form of online identity theft in which a criminal gains unauthorized access to an account belonging to someone else.

Account takeover attacks increased 307% between 2019 and 2021. 22% of U.S. adults have been victims of account takeover (24 million households), and nearly a quarter of identity-related fraud in North America was related to ATO in 2021.

24% of victims of ATO fraud had contact information (such as an email address or phone number) changed after an ATO incident.

Fraudsters want to steal funds or buy goods quickly. They change the contact info so that, if suspicions arise, the relevant financial institution or merchant contacts the thief instead of the legitimate account holder.


How Does Account Takeover Happen?

It’s basically a three-step process:

First, a fraudster gains access to a victim’s account. Fraudsters find a way to obtain user credentials using various attack methods, or buy them online via the dark web.

Then, the fraudster makes non-monetary changes to account details, such as modifying personally identifiable information (PII), requesting a new credit/store card, adding an authorized user, or changing the password.

Once one of these changes succeeds, the fraudster is free to carry out numerous unauthorized transactions.

All Types of Accounts are Vulnerable

Part of the challenge in dealing with the rapid growth rate of account takeover fraud is that it can occur on almost any type of account such as:

Government Benefits

Cell phone contracts

Checking/Savings Accounts

Credit Cards

Online Shopping Accounts

Store Cards and Loyalty programs

Further complicating matters is that the activities typically associated with account takeover fraud (changing the email, phone number or password associated with an account) occur many times a day. The vast majority of these customer-initiated account management actions are legitimate, so your institution may not spot a fraudulent change until it’s too late!
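A sketch of how an institution could separate the three-step sequence described above from routine account changes, as an added example that is not from the original page: it flags a sensitive change made from a recently first-seen device when a purchase or transfer follows inside a window. The event format, device ids, 48-hour window and function name are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Non-monetary changes the page lists as the second step of a takeover.
SENSITIVE = {"email_change", "phone_change", "password_change",
             "authorized_user_added", "new_card_requested"}
MONETARY = {"purchase", "transfer"}
WINDOW = timedelta(hours=48)  # assumed correlation window, tune per institution

# Constructed sample events: (timestamp, account, event type, device id)
EVENTS = [
    ("2024-03-01T09:00", "acct-1", "login", "dev-A"),
    ("2024-03-01T09:05", "acct-1", "email_change", "dev-A"),  # usual device
    ("2024-03-02T10:00", "acct-1", "purchase", "dev-A"),
    ("2024-03-01T11:00", "acct-2", "login", "dev-B"),
    ("2024-03-03T02:10", "acct-2", "login", "dev-X"),         # first seen
    ("2024-03-03T02:12", "acct-2", "phone_change", "dev-X"),
    ("2024-03-03T02:30", "acct-2", "transfer", "dev-X"),
    ("2024-03-04T08:00", "acct-3", "login", "dev-C"),
    ("2024-03-04T08:01", "acct-3", "login", "dev-Y"),
    ("2024-03-04T08:02", "acct-3", "purchase", "dev-Y"),      # no change made
]

def find_takeover_sequences(events, window=WINDOW):
    """Flag a sensitive change from a recently first-seen device that is
    followed by a monetary event on the same account within `window`."""
    first_seen = {}  # account -> {device: time first observed}
    pending = {}     # account -> (time, type) of the risky change
    alerts = []
    for ts, acct, kind, dev in sorted(events):
        when = datetime.fromisoformat(ts)
        devices = first_seen.setdefault(acct, {})
        devices.setdefault(dev, when)
        baseline = min(devices.values())  # earliest device = assumed owner's
        unfamiliar = devices[dev] > baseline and when - devices[dev] <= window
        if kind in SENSITIVE and unfamiliar:
            pending[acct] = (when, kind)
        elif kind in MONETARY and acct in pending:
            changed_at, change = pending.pop(acct)
            if when - changed_at <= window:
                alerts.append((acct, change, kind))
    return alerts

if __name__ == "__main__":
    for alert in find_takeover_sequences(EVENTS):
        print("review:", alert)
```

The email change on acct-1 comes from the account's usual device and raises nothing, which is how the rule keeps the many legitimate daily changes out of the review queue.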


Before we move ahead to ways we can protect ourselves, take a look at this video highlighting some real examples of how people have been scammed…


How Can We Protect Ourselves?

  • 1: Unfamiliar charges. Look for charges that you don’t recognize, both large and small. Scammers will try to validate your bank account or credit card information by making small purchases first before moving on to larger fraud attempts.
  • 2: Changes to your phone number or email address. Hackers will attempt to switch your contact information to bypass two-factor authentication. Be alert to any attempts to do this via scam texts and emails.
  • 3: Update all software and apps to eliminate potential vulnerabilities. 
  • 4: Install antivirus and anti-malware on your devices
  • 5: Change your passwords so that attackers can’t continue to log into your accounts. This is a constant theme, so simple! Just do it!
  • 6: Set up two-factor authentication (2FA) or multi-factor authentication (MFA) for an additional security layer.
  • 7: Regularly review online statements and account charges. We have to be vigilant and diligent if we want to remain safe.
  • 8: Safeguard your credit. Even before you fall victim to account takeover, you might want to consider placing a credit report fraud alert or credit freeze with the bureaus. We can help, call us.
  • 9: Uncertain if you’ve been compromised? Call us! That’s what we’re here for…