The 101: Fraud – Account Take Over (ATO)

As a merchant there is usually no worse experience than an Account Take Over. These fraud actors can have a few different motives that vary from needing a facility to cash out stolen credit cards or simply trying to redirect the funds generated by a business to their own account. Worst of all many of the accounts taken over are irreversible which means the business needs to create new facilities for their business.

Facilitating a successful ATO attempt requires very sophisticated steps but the reward can be incredible for these fraudsters. Some business do not realise that their deposit account has been changed for months causing often significant losses to businesses.

Burner accounts, phishing scams, stolen credit cards, disabling of 2nd factor authentication are just some of the infrastructure work these fraudsters need to set up.

How It Happens

1. Phishing: Attackers send fake emails, messages, or websites that trick victims into revealing their login credentials.
2. Credential Stuffing: Cybercriminals use automated tools to try stolen usernames and passwords from previous data breaches on multiple sites.
3. Malware: Malicious software can be used to capture keystrokes, monitor activities, and steal login information.
4. SIM Swapping: Attackers trick or bribe telecom employees to transfer a victim’s phone number to a new SIM card, gaining access to two-factor authentication codes.

Targets

1. Bank Accounts: Accessing bank accounts to steal money directly.
2. Merchant Account: cashing our stolen cards or taking over a businesses revenue
3. E-commerce Accounts: Making unauthorized purchases or reselling stolen goods.
4. Social Media Accounts: Spreading malware, phishing links, or conducting scams.
5. Email Accounts: Resetting passwords for other accounts or sending phishing emails.

Consequences

1. Financial Loss: Direct theft of money or unauthorized purchases.
2. Reputation Damage: Personal and professional damage if social media or email accounts are compromised.
3. Data Breach: Sensitive personal and financial information can be exposed.
4. Legal Issues: Victims might face difficulties proving the fraud, leading to potential legal problems.

Prevention and Protection

1. Strong Passwords: Use complex, unique passwords for each account.
2. Two-Factor Authentication (2FA or 3FA): Adds an extra layer of security by requiring a second form of verification.
3. Setting up Alerts: For new login behaviour from new locations or IP
4. Monitoring Accounts: Regularly check bank and credit accounts for unauthorized activity.
5. Security Software: Use antivirus and anti-malware programs to protect devices.
6. Awareness and Education: Stay informed about the latest phishing tactics and other cyber threats.

Response

1. Immediate Action: If you suspect an account takeover, change your passwords immediately.
2. Contact Providers: Notify your bank, email, and other service providers about the breach.
3. Report to Authorities: Report the incident to local law enforcement and possibly the Federal Trade Commission (FTC) or similar bodies.
4. Monitor Accounts: Keep a close watch on all your accounts for any further suspicious activity.