Account Takeover Fraud: Prevention and Protection

Account takeover has been an imposing threat for many years. As users pay less attention to protecting their personal information and passwords, fraudsters are constantly improving their hacking techniques, stealing accounts faster and cheaper. 

According to Sumsub’s 2023 Identity Fraud Report, account takeover is among the five most popular types of identity fraud. We expect that the prevalence of account takeovers will continue to increase, which means that companies need to implement more robust countermeasures.

We at Sumsub have prepared a guide explaining what account takeover is, how it affects businesses, and what companies can do to prevent it. 

What is account takeover?

Account takeover, also known as ATO, is when fraudsters gain unauthorized access to someone’s online account, usually by stealing their personal information. Fraudsters employ various methods to gain the necessary personal information, including phishing and malware attacks. Once these accounts are taken over, fraudsters can profit off of them—and potentially even breach other accounts belonging to the same victim. 

Fraudsters can also create entirely new accounts from scratch, which you can learn about here. 

Account takeover statistics

 

According to 2023 Sumsub’s Fraud Report, account takeovers are among the top-5 of the most popular identity fraud types. Despite efforts to bolster security measures, account takeovers have steadily grown. Sumsub’s internal statistics show that global account takeover incidents increased by 155% in 2023.

How Account Takeover Fraud Happens

The enduring threat of account takeovers can be attributed to several key factors:

• Sophisticated techniques. Technological advancements enable more sophisticated techniques of compromising user credentials.
• Social engineering. Fraudsters manipulate trust and use psychological tactics to deceive individuals into unknowingly surrendering their account information.
• Weaknesses in the digital ecosystem. By taking advantage of vulnerabilities in one platform, fraudsters are able to gain unauthorized access to others.

These factors allow fraudsters to easily trick users into sharing sensitive data. This is usually done through one of the schemes listed below. 

Account takeover schemes

• Phishing: This tricks users into revealing sensitive information through deceptive emails, SMS, phone apps, calls, and much more. 
• Credential stuffing: Once sensitive information gets leaked from one platform, criminals can get this data and start using the obtained usernames and passwords on a variety of other platforms. Fraudsters now use automated technologies that allow them to test millions of credentials on thousands of websites. 
• Malware attacks: There are many types of viruses that criminals can infect user devices with. These viruses can collect information, take screenshots, capture keystrokes, and much more. 
• Automated password cracking: Whereas ‘brute force’ attacks were once a tedious guessing game for hackers trying to figure out someone else’s password, now automated systems make this a greater threat.
• Man in the Middle (MitM) attacks: This is when fraudsters intercept t communication between users and websites to scavenge sensitive information. 

What types of organizations do account takeover (ATO)  attacks target?

Account takeover affects types of businesses, including car sharing insurance, banks, crypto platforms, and more. 

However, some organizations are more at-risk than others:

• Financial services
• iGaming 
• Virtual Asset Service Providers (VASPs)
• Trading
• Marketplaces
• Carsharing companies

Suggested read: Know Your Enemy: An Interactive Guide to Online Gaming Fraud

How to detect account takeover fraud

Companies should monitor user behavior and look out for unusual or suspicious patterns, such as:

• Sudden change of geolocation
• Changes in personal information (e.g., bank information)
• Login attempts from an unrecognized device
• Abnormal transactions 

Account takeover protection

It’s essential for a company to implement a variety of automated solutions that can prevent and detect account takeover cases, including:

• Multi-factor authentication— requires users to provide more than just a password in order to log in. This can be an SMS, an email, face ID, security questions, and much more. 
• Account tracking systems—if one account gets compromised, an account tracking system can freeze it. 
• AI-powered monitoring—allows companies to spot bot attacks and more complex takeover attempts in real time
• Device fingerprinting—identifies new or unrecognized devices attempting to log into accounts. 

Solutions

To prevent account takeover, companies need to deploy advanced anti-fraud systems. These systems encompass strong authentication, fraud detection, security education, continuous account monitoring, risk-based authentication, and account recovery and remediation processes.

Real-time monitoring allows companies to detect irregular patterns or behaviors that may signal a potential account takeover. Examples of this can be a login attempt from unfamiliar locations or sudden changes in account settings. 

Sumsub also uses AI-driven algorithms to analyze anomalies. Additionally, our monitoring systems keep track of important information, such as device type, telemetry, operating systems, browser versions, client-side malware, VPN, geolocation data, IP address, and even hardware configurations. If suspicions arise, the system will send an immediate alert for further investigation.

Our AI-driven solution continuously adapts to new attack vectors and ensures early detection of potential threats. Plus, companies can customize their rules and flows with a no-code builder—giving them tailored scenarios that cater to specific risk policies and business requirements.

Learn more about Sumsub’s account takeover detection and prevention solution here.

FAQ

• What does ATO stand for in banking?

  ATO stands for account takeover. It’s the process of stealing sensitive personal information and using it to gain access to one’s online account.

• How does account takeover work?

  Account takeover, also known as ATO, is when fraudsters gain unauthorized access to someone’s online account, usually by stealing their personal information. Fraudsters employ various methods to gain the necessary personal information, including phishing and malware attacks. Once these accounts are taken over, fraudsters can profit off of them—and potentially even breach other accounts belonging to the same victim.

• What are some examples of account takeover fraud?

  • Phishing: This tricks users into revealing sensitive information through deceptive emails, SMS, phone apps, calls, and much more.
  • ICredential stuffing: Once sensitive information gets leaked from one platform, criminals can get this data and start using the obtained usernames and passwords on a variety of other platforms. Fraudsters now use automated technologies that allow them to test millions of credentials on thousands of websites.
  • Malware attacks: There are many types of viruses that criminals can infect user devices with. These viruses can collect information, take screenshots, capture keystrokes, and much more.
  • Automated password cracking: Whereas ‘brute force’ attacks were once a tedious guessing game for hackers trying to figure out someone else’s password, now automated systems make this a greater threat.
  • Man in the Middle (MitM) attacks: This is when fraudsters intercept t communication between users and websites to scavenge sensitive information.

• What is the difference between identity theft and account takeover?

  Identity theft refers to a wider category of fraud that involves stealing personal data. Nevertheless, account takeover can certainly occur as a result of identity theft, since stolen personal information can be used to takeover an account.

• What are the risks of account takeover?

  Companies risk running into financial and reputational losses in case account takeovers occur on their platform. The risks include, but are not limited to:

  • Data theft
  • Money laundering
  • Fraud committed with the use of the stolen accounts