We currently live in a convenience-focused society where people prefer shopping, entertainment, and learning online. The number of people who have social media accounts increases day after day. Unfortunately, as internet use increases, so do cybercrimes. There are many nefarious actors online. They exploit the vulnerabilities in systems to access and conduct various forms of fraud. Losing control of your Twitter or Amazon account can be depressing. For that reason, we will look at account takeover fraud. What is it? Who does it affect? How can you prevent and protect yourself from ATO attacks? These are some of the questions that we will seek to answer in this question. So, let us dive in.
What is an Account takeover?
This refers to the process of accessing and controlling a user account to commit fraud or other nefarious acts. When a hacker takes over your account, they can perform various activities that benefit them to your detriment. Account takeover is among the cyber security threats that are growing at the highest rates today. It is estimated that ATO grew by over 300% from 2019 and caused consumer losses to a tune of $3.5 billion.
The primary reason account takeovers are growing at such a rate is the ease they can be affected. There are over 15 billion login credentials on the dark web today. These credentials come from various data breaches. The growth of the bot industry has provided cybercriminals with the best tool to test and validate the credentials. Bots have an impressive work rate. They can test thousands of login and password combinations in a matter of minutes. Therefore, hackers see them as the best tool to brute force the login or perform credential stuffing. But how do attackers obtain the credentials?
Sources of credentials used in account takeover
There are various methods that attackers use to obtain the credentials that they use in account takeovers. These sources include;
As we have seen above, there are over 15 billion login credentials on the dark web. Some are for sale, while the others are posted on various forums and bins.
The cybercriminal gets the credentials and employs bots to find the valid ones. The dark web has been a haven for cybercriminals, availing almost anything they need. The process by which cyber criminals validate the credentials through repeated logins is called credential stuffing.
The other way an attacker gets the credentials used in an account takeover is through brute force attacks. In this case, the attacker has one piece of the puzzle, usually the username or the email. They then try various password combinations in an attempt to uncover the right one. Many people use a combination of name, year of birth, date of birth, and phone number while coming up with a password. Therefore, the attacker leverages this.
This is a collective term of various techniques that are used to obtain the credentials. It includes
Phishing is among the most common forms of credential harvesting. The attacker can use malicious links, files, or even emails to harvest the credentials. When you open the email or link, a malicious script is downloaded into your computer. The script stealthily installs and opens a socket which it uses to communicate with the command and control. It can send all the keys logged to the files on your computer etc.
The attacker can also get the credentials by positioning themselves between the client and the server. Therefore, they can tap any request that the client makes and tamper the response from the server. When a client requests to be authorized by sending their login credentials, the attacker records them. The credentials obtained this way need not be validated.
Other ways that the attacker can get the credentials are through DNS poisoning and social engineering.
How does ATO affect the consumers?
In almost every application today, there are auto-fill features enabled. These provide convenience to the application users. However, this feature can be devastating if the computer or the mobile device falls into the hands of the attacker. With only a single click, they can take over your entire account. So, how does ATO affect the consumers?
Payment fraud is the most common form of fraud associated with account takeover. After breaching the account, the criminals purchase items or modify the delivery details, redirecting the purchased goods to their location. According to Ravelin, for about 71% of the account takeover attacks, the attacker placed an order three or four times and had a success rate of 50%. In 46% of the cases above, the fraudster modified the delivery address details to redirect those orders to them. They later resell the items for profits.
Use the account details and loyalty points
If the compromised account is not associated with any payment details, the cybercriminals can still use the account details or the saved loyalty points. The most common target of this fraud is air miles. This is because the attacker can use them to purchase transportation services in other countries.
Selling online accounts
The other lucrative business is selling access to the compromised accounts. The entertainment and gaming industry are the most common culprits of this crime. The criminals sell Netflix, Twitch, Hulu, and Uber for as low as $1. While $1 may seem low, remember that data breaches typically compromise millions of accounts. The utility industry is also a culprit of this.
Selling the stolen data
As per a 2019 Google survey, 65% of the people use the same password for different accounts online. A compromise on one account can give the criminal access to a wide range of proprietary and personal data. The compromised data is later sold on the dark web.
How does Account takeover affect companies?
Theft of proprietary data can cripple a company, and the criminals know this. They mainly aim for an executive or a management-level account. The attackers know that by taking over these accounts, they have a wide array of options. They can blackmail the managers for money, or expose the company secrets, or steal proprietary information. The information is then sold to the rivals, giving them an advantage to bankrupt the patent-holding company.
The other way that account takeovers affect a company is through scams. The criminal can take over a trusted email and scam other people and companies by requesting fraudulent emails. They can also use the address to distribute malware.
Preventing account takeover
Changing your password habits
Online security is a shared responsibility. Changing your password management methods is the first step in ensuring you are not a culprit of an account takeover. Below are password usage tips:
- Updating your password regularly on all your online accounts
- Using different passwords per account
- Using Numbers, Letters, special characters and ensuring that the password is at least 13 characters long
- Enabling multi-factor authentication on your accounts to impede any unauthorized access
- Use a password manager to create and update the passwords for you.
Keep your Browser updated
Cybercriminals always look for new ways of exploiting the vulnerabilities in your browser. However, the good thing is the developers regularly patch these vulnerabilities. Keeping your browser updated ensures you have the recent patches installed, eliminating any risk on your account.
Installing an anti-malware solution
Malware and bots are essential tools used by attackers to conduct account takeovers. The cybercriminal can load spyware onto your computer or server that logs and sends all your keystrokes. They can also create backdoors into your system by installing Trojan horses. The attacker may also use your computer as part of a botnet for hacking other accounts.
Install a trusted account takeover prevention solution on your server or computer. Ensure that it is regularly updated. It eliminates any malware infraction and keeps you secure from ATO.
The Bottom Line
Account takeover is growing at an alarming rate. However, there are simple ways to keep you safe from this attack. One such method is changing your passwords regularly. Others include the proactive monitoring of your credit, identity, and bank account information for any unusual activity.