As the pandemic has forced businesses to shift online, cyber-attacks have become more prevalent than ever. As an organization, you have to remain alert because phishers, hackers, and scammers are still actively looking for their next victim, which can be you or your company.
One of their most common attacks is account takeover (ATO). A corporate account takeover is a big deal: it is one of the most damaging cyber threats that businesses and customers face today. US-based fraud prevention platform Sift’s latest Digital Trust & Safety Index – based on its global network of more than 34,000 sites and apps and a survey of over 1,000 consumers – details the rapid rise and evolution of account takeover (ATO) attacks. The report highlights how no industry has been left untouched by ATO attacks, with a 131% increase across Sift’s global network in the first half of 2022 compared with the same period in 2021. Fraudsters are also looking to take advantage of dormant accounts and stored payment information. The industries with the biggest increase in ATO attack rates were fintech (71% increase), marketplaces (39% increase), and digital goods and services (37% increase). Within the fintech industry, cryptocurrency exchanges had a 79% increase in attack rates.
In this article, you will read about:
What is an Account takeover?
Recent account takeover attacks
Reasons Why Account Takeover Fraud Happens
Account Takeover Scenarios
What Can I Do If I Have Been Hit by an Account Takeover?
How to Protect Yourself from Account Takeover Fraud?
How to Improve Your Security Against ATO Scams
How Rainbow Secure can help?
What is an account takeover?
Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials. These attacks are difficult to detect as criminals hack into accounts with legitimate credentials. By and large, these attacks hurt businesses’ reputation, scare customers, and can even end up with companies having to pay a heavy penalty.
Account takeovers are used by fraudsters in many ways:
- to acquire sensitive personal information
- to impersonate the account owner
- to gain access to funds and/or payment cards
- as a springboard to defraud the owner’s contacts
- to conduct schemes such as CEO fraud
Mark Zuckerberg, Elon Musk, Kim Kardashian, Jeff Bezos, Barack Obama, Jack Dorsey, and Kanye West have all been victims of ATO attacks.
Some of the recent account takeover attacks are listed here:
- J.Crew data breach: In March 2020, J.Crew informed its customers that an unauthorized third party had accessed their accounts nearly a year earlier.
- New Marriott data breach: In March 2020, Marriott International announced another data breach that affected approximately 5.2 million guests.
- Decathlon data breach: In February 2020, sports retailer Decathlon accidentally exposed more than 123 million records of employee data on an unsecured ElasticSearch server.
Reasons Why Account Takeover Fraud Happens
Fraudsters have plenty of reasons to target pre-existing accounts:
- To acquire more data: Once hackers have entered an account, they can harvest more information. Is there a phone number attached? Better yet, a valid credit card number? Sometimes, it’s about collecting personally identifying information (PII) for other forms of fraud and identity theft. These types of attacks often target healthcare, critical infrastructure, and even academic institutions.
- Financial fraud: All ATOs are designed to extract monetary value at some point down the line. The closer an account is to a credit card, withdrawing funds, or wiring money, the better for fraudsters. This is true for standard currencies, cryptocurrencies, and even loyalty points or gift card credit.
- Card testing: Certain accounts are only used to make small purchases, or to test credit cards. This helps fraudsters check the validity of stolen credit cards, which can then fuel their criminal buying sprees.
- Spam: A legitimate account is a great tool to create fake listings, sell goods that don’t exist, write reviews and give feedback on services that are self-serving.
- Phishing: Attackers access the account’s contacts and target them directly. The initial account gives them legitimacy and makes the contacts more susceptible to giving away valuable information.
- Ransom attacks: If an account is extremely valuable, criminals can try to sell it back for a price.
Finally, there is the huge problem of account reselling: threat actors sell or post account details on the dark web.
This is why, in the long run, account takeover is one of the most damaging fraud attacks.
Account Takeover Scenarios
There is no shortage of options for criminals who want to acquire user accounts. Some of the most common methods include:
- Credential stuffing attack: This is where a fraudster tries all the combinations of passwords and email addresses they’ve found in a large data dump.
- Brute Force: Fraudsters conduct this type of corporate account takeover to target large businesses. They use automated bots to systematically check and identify valid credentials to crack password codes and log in to compromised accounts.
- Phishing attack: Criminals send an SMS or email asking you to log into a forged website. The goal is to trick the recipient (over a phone call, email, or text message) into taking action, like opening a link or downloading an attachment with malicious code. From here they redirect you to a page where a keylogger captures your password or other personal details.
- Social engineering attacks: Social engineering is a corporate account takeover attack where the cybercriminal manipulates an employee into giving away login credentials or access to sensitive information. Fraudsters conduct social engineering in stages. First, they gather information about the intended victim. Then, they plan to launch and execute an attack by exploiting the victim’s weakness. Finally, they use the acquired data to conduct the attack.
- Man-in-the-middle attack (MitM): The man-in-the-middle attack is a kind of cyber eavesdropping where the attacker intercepts communication between two entities and manipulates the transfer of data in real time. For example, the attacker will exploit the real-time processing of transactions between a bank and its customer by diverting the customer to a fraudulent account.
- SIM-Swapping: Most of the accounts for the high-profile names at the beginning of this guide were stolen using SIM-swapping or SIM-jacking attacks. This is when fraudsters contact telecom operators and manage to take control of a mobile phone number. Because so many accounts are verified via two-factor authentication (2FA), gaining access to a number means you can log into someone’s Instagram, Twitter, and a range of other services.
- XSS to ATO: XSS stands for Cross-Site Scripting. It allows criminals to target a website by executing malicious scripts in a victim’s browser. This is often with the goal of setting up new passwords on pre-existing accounts.
Common red flags that may indicate ATO attacks are happening include:
- Irregular spikes in login attempts.
- Increased failed login counts.
- Spikes in account locks.
- Reports of fraudulent emails or SMS messages sent from someone posing as a legitimate entity.
- Customer complaints about unauthorized fund movement.
- Mismatched TCP and HTTP signatures.
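The first three red flags above (login spikes, failed-login spikes, and lockout spikes) can be checked mechanically against authentication logs. The following is an added example, not code from the article or from Rainbow Secure; the log format, the thresholds, and the sample lines are constructed for illustration, and a real deployment would tune the window and thresholds to its own baseline traffic.

```python
"""Flag account-takeover red flags in authentication logs.

Added example; not part of the original article. The log format
(timestamp, source IP, account, outcome), the thresholds and the sample
lines are all constructed for illustration.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one burst from a single IP hitting many accounts
# (the credential-stuffing pattern), plus ordinary traffic from two others.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.10 alice SUCCESS
2024-05-01T10:00:03Z 203.0.113.10 bob FAILURE
2024-05-01T10:00:04Z 203.0.113.10 carol FAILURE
2024-05-01T10:00:05Z 203.0.113.10 dave FAILURE
2024-05-01T10:00:06Z 203.0.113.10 erin FAILURE
2024-05-01T10:00:07Z 203.0.113.10 frank FAILURE
2024-05-01T10:00:08Z 203.0.113.10 grace FAILURE
2024-05-01T10:00:09Z 203.0.113.10 heidi LOCKED
2024-05-01T10:00:10Z 203.0.113.10 ivan LOCKED
2024-05-01T10:05:00Z 198.51.100.7 alice FAILURE
2024-05-01T10:05:20Z 198.51.100.7 alice SUCCESS
2024-05-01T11:00:00Z 192.0.2.44 judy SUCCESS
"""


def parse_line(line):
    """Split one constructed log line into (datetime, ip, account, outcome)."""
    ts, ip, account, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, outcome


def detect_red_flags(log_text, window=timedelta(minutes=1),
                     max_attempts=5, max_failures=3, max_locks=1):
    """Return a sorted list of (flag, source_ip) pairs.

    A sliding window of `window` length is moved over each source IP's
    events; a flag is raised when a count inside the window exceeds the
    corresponding threshold.
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)

    flags = set()
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until all events fit inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            outcomes = Counter(e[3] for e in in_window)
            distinct_accounts = len({e[2] for e in in_window})

            if len(in_window) > max_attempts:
                flags.add(("login_spike", ip))          # irregular spike in attempts
            if outcomes["FAILURE"] > max_failures:
                flags.add(("failed_login_spike", ip))   # increased failed logins
            if outcomes["LOCKED"] > max_locks:
                flags.add(("lockout_spike", ip))        # spike in account locks
            if distinct_accounts > max_attempts:
                flags.add(("many_accounts_one_ip", ip))  # stuffing signature
    return sorted(flags)


if __name__ == "__main__":
    for flag, ip in detect_red_flags(SAMPLE_LOG):
        print(f"{flag:22s} from {ip}")
```

The per-IP sliding window is deliberate: credential stuffing spreads failures across many accounts, so per-account failure counters alone miss it, while the distinct-accounts check catches a single source touching many usernames in a short span.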
What Can I Do If I Have Been Hit by an Account Takeover?
If an account is compromised, the first thing to do is to freeze it. This will prevent the fraudster from performing any actions such as changing the password or making a purchase.
If the password has already been changed, you should force a password reset and inform the original user.
Don’t forget that users will probably blame your company for what they see as a lack of security. You should have a solid communication process in place designed to reassure them that it is only a temporary freeze and that their account will be restored as soon as possible.
How much does it cost businesses?
According to research from Kaspersky, more than half of all fraudulent attacks are in fact an account takeover.
While it’s harder for businesses to put a monetary value on ATO losses than, say, credit card fraud, it doesn’t mean it’s a victimless crime. There are very real consequences for affected businesses:
- Hacks and security issues put a strain on your IT team.
- Support is overwhelmed by customer requests while attempting to reclaim their account.
- The finance department must fight chargebacks.
- Users turn to competitors due to a loss of reputation and brand trust.
In the worst-case scenario, stocks can even plummet after a publicized breach.
How to Protect Yourself from Account Takeover Fraud
Helping your users and employees understand how valuable their accounts are is a great first way to make life harder for fraudsters, as it will change their behavior around protecting access to their accounts.
Some points to consider are as follows:
- Stop reusing passwords: Losing one account can have a few bad consequences. Losing all your online accounts can be disastrous. Use Rainbow Secure multi-factor graphical password authentication for securing your online accounts with bulletproof security which is user-friendly too.
- Update passwords regularly: This can protect accounts from historical data breaches. You can check if your data has been leaked in a breach and ensure your passwords are quickly updated after any major ones. Using Rainbow Secure Login Authentication can protect you even if the data is stolen.
- Be vigilant with links: Especially from unknown email senders, poorly written text, or suspicious web pages. It’s always better to access important sites directly in your browser rather than following any links. Never click on any suspicious links.
- Double-check URLs: Watch out for signs of a phishing attempt if the URL or web page looks unusual, especially when entering credentials or personal information, for instance: www.applle.com
- Enable MFA (multi-factor authentication): Two-step verification (2SV) or two-factor authentication (2FA) are easier to use than ever thanks to third-party apps like Rainbow Secure Smart Multi-Factor MFA. Add Rainbow Secure MFA Authentication Plugin to secure business from Cyber Fraud, Account Takeover attacks like credential Phishing, Keylogger, BOTS, DDoS, and Ransomware and get compliant. It comes with AI monitoring & Geo-Fencing.
- Use a VPN: Especially when connected to public WiFi networks.
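The two password points above (stop reusing passwords, and check whether a password has appeared in a breach before accepting it) can be enforced at signup or password change without ever sending the password itself to a breach-lookup service. The following is an added example, not code from the article or from Rainbow Secure. It uses the SHA-1 prefix (k-anonymity) range model that the well-known Pwned Passwords range API uses, but the "breach corpus" here is constructed locally from a few made-up leaked passwords, and `range_query` stands in for the network call.

```python
"""Check a candidate password against a breached-password corpus using the
SHA-1 prefix (k-anonymity) range model.

Added example; not from the article or Rainbow Secure. LEAKED is a
constructed stand-in for a breach corpus, and range_query() replaces the
network call a real deployment would make with only the hash prefix.
"""
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # only this many hex characters ever leave the client


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed corpus: password -> number of times seen in (made-up) leaks.
LEAKED = {
    "password123": 120000,
    "qwerty": 95000,
    "letmein": 40000,
    "Summer2023!": 300,
}


def build_range_index(leaked):
    """Group leaked hashes by prefix, keeping only suffix -> count.

    This mirrors what a range service returns for a prefix: every suffix
    in that bucket, so the client cannot be told which one it asked about.
    """
    index = defaultdict(dict)
    for pw, count in leaked.items():
        h = sha1_hex(pw)
        index[h[:PREFIX_LEN]][h[PREFIX_LEN:]] = count
    return index


RANGE_INDEX = build_range_index(LEAKED)


def range_query(prefix: str) -> dict:
    """Stand-in for the remote lookup; returns suffix -> count for a prefix."""
    return RANGE_INDEX.get(prefix, {})


def breach_count(password: str) -> int:
    """How many times the password appears in the corpus (0 if never)."""
    h = sha1_hex(password)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    # The suffix match happens locally; the service only saw the prefix.
    return range_query(prefix).get(suffix, 0)


def is_acceptable(password: str, min_len: int = 12) -> bool:
    """Constructed policy: minimum length and not present in any known breach."""
    return len(password) >= min_len and breach_count(password) == 0


if __name__ == "__main__":
    for candidate in ("password123", "Summer2023!", "tangerine-orbit-ladder-47"):
        print(f"{candidate!r}: seen {breach_count(candidate)} times, "
              f"acceptable={is_acceptable(candidate)}")
```

Rejecting any breached password at the point of entry removes the raw material credential-stuffing relies on, and the prefix-only lookup means the check itself does not create a new place where full password hashes are disclosed.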
How to Improve Your Security Against ATO Scams?
As a business, it’s best to ensure the best data protection practices are followed. This should be for all data that is collected, transferred, processed, and accessed. A non-exhaustive list of examples includes:
- Use SSL: Especially on pages that collect sensitive or personally identifiable information such as credit cards, social security numbers, or addresses.
- Use encryption wherever possible: Not just for logins, but also for communications.
- Secure physical devices: This is particularly important for company phones, laptops, and desktop computers – especially in a work-from-home setup.
- Restrict user input: This includes limiting HTML input, sanitizing values entered, and the use of Allowlists to ensure your site code is clean and not vulnerable to SQL or HTML injection attacks.
- Consider User Friction: In an ideal world, you’d be able to set up as many authentication and verification steps as you need to ensure your users are who they say they are. Rainbow Secure smart solutions reduce friction, provide a world-class UX, and are user-friendly.
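The "Restrict user input" point above is most often applied to login and account lookups, where a username or email is handed to the database. The following is an added example, not code from the article or from Rainbow Secure; the table, rows and the `ALLOWED_SORT_COLUMNS` allowlist are constructed for illustration. It shows a string-built query beside its parameterized replacement, using Python's standard `sqlite3` module, and an allowlist for the one part of a query (a column name) that placeholders cannot bind.

```python
"""String-built query beside its parameterized replacement, plus an
allowlist for an identifier that cannot be bound as a parameter.

Added example; not from the article or Rainbow Secure. The schema, rows
and ALLOWED_SORT_COLUMNS are constructed for illustration.
"""
import sqlite3


def make_db():
    """Build an in-memory table with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'neil", "oneil@example.com")],
    )
    return conn


def find_user_unsafe(conn, username):
    # Interpolation makes the value part of the SQL grammar: even a
    # legitimate apostrophe (o'neil) breaks the statement, and crafted
    # input can change what the query does.
    sql = f"SELECT id, username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchone()


def find_user_safe(conn, username):
    # Placeholder: the driver passes the value as data, never as SQL text.
    sql = "SELECT id, username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchone()


# Identifiers (table and column names) cannot be bound with "?", so the
# only safe option is an allowlist of the values the code actually supports.
ALLOWED_SORT_COLUMNS = {"username", "email"}


def list_users_sorted(conn, sort_by):
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    rows = conn.execute(f"SELECT username FROM users ORDER BY {sort_by}")
    return [row[0] for row in rows]


def demo():
    """Run both lookups on a name containing an apostrophe and report."""
    conn = make_db()
    results = {}
    try:
        find_user_unsafe(conn, "o'neil")
        results["unsafe"] = "ok"
    except sqlite3.OperationalError:
        results["unsafe"] = "syntax error"
    results["safe"] = find_user_safe(conn, "o'neil")[1]
    return results


if __name__ == "__main__":
    print(demo())
```

The apostrophe case is the useful one to remember: the same mechanism that lets crafted input alter a string-built query also makes it fail on ordinary data, so parameterization is a correctness fix as much as a security one.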
How Rainbow Secure can help?
The right amount of data and system access for the right person or role at the right time is the key to organizations being able to use digital tools and platforms to serve their customer base and stay compliant.
The next-generation Rainbow Secure platform is a modern identity and single sign-on solution for your business across on-premises and cloud environments. It’s backed by an experienced team of cloud and security experts, years of innovation, and partnerships with leading cloud platforms. Rainbow Secure is a leader in smart and secure digital solutions that work for you.
Secure Workforce & Customer Login: Use Authentication Plug-in by Rainbow Secure to secure workforce and customer logins. In this plug-in, you get a multi-dimensional password, passwordless login solutions with AI monitoring, Risk Analytics, and location fencing.
Secure Data and its Backups: We provide cloud-based data vault and data archive solutions backed by Microsoft Azure and secured by our authentication plugin and industry best practices to give you ransomware protection and help with data governance and disaster mitigation.
Database Security: We provide technical consulting services to secure databases in the cloud and on premises. You get the best protection for your data in databases using native and third-party security tools.
Meet Compliance Requirements: Use Authentication Plug-in by Rainbow Secure with your business application and in SSO (Single Sign-on) and meet industry standards and compliance regulations such as NIST, ISO, FTC, SOX, SOC2, CMMC, CMMI, HIPAA, PCI, and others.
Securely communicate and Collaborate: Use Secure Business Email by Rainbow Secure and get protection against account takeover, phishing, ransomware, and automated login cyber frauds. In this email, you get options to send encrypted emails, single sign-on with Office 365, and Google, and 1 TB one drive storage.
Connect Business applications: Get one unified login using Rainbow Secure Single Sign-On
Manage User Onboarding / Offboarding using Rainbow Secure IAM
Verify User using Smart Multi-factor MFA
Do you have more questions about our next-generation, world-class solutions that keep your business secure from cyber fraud and account takeover attacks such as credential phishing, keyloggers, bots, DDoS, and ransomware, and help you get compliant? Want to know more about our MFA and SSO solutions? Contact us today. Email us at Hello@rainbowsecure.com