Security Corner Blog

Share:

What Is Account Takeover Fraud and How Can You Prevent It?

By: Gayle Sato

Published: November 3, 2021

What Is Account Takeover Fraud and How Can You Prevent It?

Account takeover fraud—in which bad actors use stolen credentials to commandeer real credit card, shopping or even government benefit accounts—is one of the most common forms of identity theft. In fact, a 2020 study by Aite Group found that 38% of consumers surveyed had recently experienced account takeover fraud in the prior two years. It's pervasive and difficult to detect, and it can cost you money, wreak havoc with your finances and consume your valuable time while you try to undo the damage and secure your accounts. Here's what you need to know about account takeover fraud and how to protect yourself.

What Is Account Takeover Fraud?

Account takeover fraud occurs when cybercriminals gain access to your online accounts and use them to withdraw money, make purchases or extract information they can sell or use to access your other accounts. Potential targets of account takeover fraud include social media and email accounts, as well as those you use to shop or handle bank and credit card transactions. During the pandemic, there's been an uptick in government benefits, such as unemployment payments, involved in account takeover fraud—a good example of the opportunistic thinking that drives this trend.

How Do Criminals Get Your Account Information?

Fraudsters can buy stolen credentials off the dark web and use them to access your accounts. Where does data on the dark web come from? Data breaches are a prime source. The Identity Theft Resource Center (ITRC) reports that just over 300 million individuals were impacted by publicly reported data breaches in 2020. As massive as that sounds, it was a 66% decrease since 2019. Since its inception in 2005, the ITRC has tracked more than 12,250 data breaches involving billions of individual records. The first half of 2021 saw 846 publicly recorded data breaches, putting this year on pace to break a record for the number of breaches in a single year.

Additionally, criminals may use malware, phishing or other methods of identity theft to obtain your login and password information. Once they have credentials, they may attempt credential stuffing, where the login and password from one site is used to try to log in to others. Alternatively, they may execute a brute force attack, which uses bots to try multiple passwords on a single site.

What Do Fraudsters Do With Stolen Accounts?

Once they gain access to your account, criminals may do any number of things to cause trouble. They may, for example:

  • Order a new card from your credit card company and use it to make purchases.
  • Buy a new smartphone from your mobile phone carrier.
  • Access and redeem your account credits or rewards points for their own benefit.
  • Make a payment to a fraudulent company from your bank account.
  • Open a new bank account in your name.
  • Place orders on a shopping or restaurant delivery site.
  • Redirect unemployment benefits.
  • Access and steal personally identifiable information.
  • Change account information, including your phone number, email, home address or login and passwords.
  • Use the information they obtain to access other accounts.
  • Sell the account information on the dark web.

For all the problems account takeover can create, it can be difficult to detect. Often, criminals take the extra step of changing your account preferences so you don't receive notifications that might otherwise tip you off that something is amiss. Play defense: Pay attention to password change notifications and other account alerts as they come in before fraudsters have the chance to disable them. If you're notified of activity you don't recognize, look into it right away.

How Can You Protect Yourself From Account Takeover?

What else can you do to reduce your risk of account takeover fraud? Following general best practices for reducing the risk of identity theft is a good place to start. Some factors may be out of your control. For example, your information may be leaked in a data breach without your knowledge or the opportunity to secure your information. You can, however, take steps to limit the ways bad actors can use your data.

Be meticulous with passwords. Hackers will be more successful with their attacks if you tend to use the same logins and passwords on multiple sites. Ideally, you should have a unique, secure password for every online account. Using a secure password manager to generate and store these passwords across devices could be a great help.

Use multifactor authentication. Simply setting up security on your accounts to send a one-time passcode by email or text can help thwart an account takeover. Adding biometrics like face recognition or fingerprints can also be effective. Multifactor authentication isn't available on all accounts, but it is available on many critical ones. Activate it wherever you can.

Safeguard your credit. Even before you fall victim to account takeover, you might want to consider placing a credit report fraud alert or credit freeze with all three credit bureaus. With a fraud alert, credit bureaus will ask creditors to take steps to verify your identity before issuing credit in your name. A credit freeze prevents potential creditors (and others) from viewing your credit report and scores unless you deliberately "thaw" your credit information.

Consider identity theft protection. You can get help tracking your identity, accounts and credit file with Experian IdentityWorks?. With Experian's credit monitoring services, you can keep close tabs on your credit report and scores, receive alerts when changes are made to your financial accounts, scan the dark web and get help if your identity is compromised.

What to Do if Your Account Has Been Hacked

If you discover your account has been hacked, follow these basic steps for dealing with account fraud and identity theft:

  • Report the fraud to the company or agency involved. You may need to close your account or upgrade your account security.
  • Check your accounts. Assess whether your other accounts have been affected, especially those that use the same password.
  • Change your passwords. Update account information for the affected account and any others that share passwords with it. Better yet, you may want to take this opportunity to change and upgrade your passwords across the board.
  • Consider your credit. If you haven't already, you may want to freeze your credit or add a fraud alert to your credit reports and activate credit monitoring. Experian can help you start the recovery process.

Taking Account of Identity Fraud

Account takeover fraud is potentially damaging to your finances—and your sense of well-being—and there is no failsafe protection against it. Yet, you can take steps to limit your vulnerabilities and stop account takeover fraud when it happens. Maintaining strong account security and remaining vigilant are both critical. If you need help monitoring activity related to your identity and credit, consider identity theft monitoring and protection, available through Experian IdentityWorks?

This article originally appeared on and was written for Experian.com.

View all posts

Members' Voice Testimonials

This credit union is the best, I love the customer service and you can't beat the interest rates. I'm happy to be a member of this great credit union.

- James · Locust Grove, GA

The branch manager introduced herself and was extremely helpful. She stated that if there is anything we ever need to please let her know. Very positive experience!

- Larry · Cumberland, MD

Greta was absolutely amazing - as always. She makes me and my parents feel valued and supported. We are forever grateful. [The Credit Union] has been hugely supportive over many years. And we feel known and cared for.

- Eliza · Washington, DC

Long as I have been with the credit union, I haven't had any problems. I also like the protection on my account.

- Charles · Upper Marlboro, MD

My overall experience at the credit union was exceptional. The staff was hospitable offering water, my service was timely and professional and the office was well lit and clean.

- Denise · Washington, DC

As a member for more than 40 years, i have always had great service from the USSFCU and know that they stand behind their great reputation.

- David · Silver Spring, MD

A top rate Credit Union, [I'm] privileged to be part of! Thank you for all you do for our family! USSFCU Credit Union was able to resolve our financial situation - vehicle, personal loans, customer service/recommendations, within 6 months. We belonged to another credit union for over 20 years, with results not even close to comparison. We switched ...

- Manuel · Bowie, MD

Your people and products are amazing. The recent [online banking] overhaul is phenomenal. [I've] been electronic banking since Tele action phone banking - paying bills with my push button landline decades ago. USSFCU is light years ahead of everyone else in terms of ease of use and client experience!

- Misty · Brookings, OR

I have been a member for more than 30 years. I no longer reside in the DC area but continue to bank with USSFCU because of the ease and the customer service.

- Tamra · Denver, CO

I have been a member for over 50 years, and I have always gotten good service with loans, when I had to have service at a branch, and when I needed to have money sent to me from my savings account. The personnel have always been friendly and treated me with respect.

- John · Fort Washington, MD

I especially appreciate being able to quickly speak with someone (not a robot) and that person has always been knowledgeable and helpful.

- Bernard · Richmond, VA

Excellent customer service streamlined and transparent process. The representatives are efficient, knowledgeable, and understanding of the type of loans offered by Credit Union.

- Erwin · Ellicott City, MD

The USSFCU behaves as a credit union ought to behave. The staff works with and for the members, not for a corporate board. Interest rates for a car loan, a home improvement loan, and a mortgage are low and terms are transparent.

- Ruth · Takoma Park, MD

Staff are courteous and friendly to work with. Very knowledgeable about services and products offered or available. Excellent follow-up with customers.

- Jacquelyn · Sanford, FL

I have appreciated USSFCU services for many years since I left my work on Capitol Hill. I have appreciated the occasional webinars on purchasing a home or retirement planning.

- Jamie · Washington, DC

I have been a member since 2006, and have always appreciated the customer service response to any concern or query. In addition, as I have traveled extensively, USSFCU has provided support and access.

- Kathleen · Ukiah, CA

I've had a credit union account for decades, even though I no longer work on Capitol Hill. I now have two accounts. I've been able to do all of our banking remotely, by app or by phone.

- Richard · Washington, DC

I have been a USSFCU member for almost 20 years. There is nowhere else I want my money to be. I always receive excellent service.

- Nicole · Alexandria, VA

I deeply appreciate the stellar service, the proficiency, the professionalism, and the kindness. I am truly honored and grateful to bank with a financial institution that treats customers like family.

- Angela · Alexandria, VA

Read More testimonials.