
Bank Account Takeover Attacks: How to Keep Safe

Published: April 18, 2023

Scammers use account takeover (or “ATO”) tactics to target individuals, businesses, and banks daily. All stakeholders must recognize the gravity of this issue and take the necessary steps to combat it.

What is Account Takeover Fraud?

Account takeover fraud, or ATO fraud, is a form of identity theft in which a third party gains access to unique details of a trusted user’s online accounts. Fraudsters can then pose as the real customer to change account details, make purchases, withdraw funds, and even leverage the stolen information to access other accounts.

Scammers often target accounts holding financial data or personally identifiable info (name, address, Social Security number, etc.). However, they may also target a variety of different profiles, including:

  • Social media accounts to mislead and manipulate your followers.
  • Email accounts to mine personal info or reset passwords for other accounts.
  • Bank accounts to steal money, infiltrate financial services, or secure loans.
  • Amazon or other shopping accounts to make purchases and steal card info.

Scammers can use a variety of tactics to get access to your accounts. Here are a few common examples that illustrate how fraudsters can use ATO to their advantage:

Phishing

Phishing refers to any practice by which a fraudster tries to trick individuals into revealing personal information, such as passwords and credit card numbers. This can be done through emails purporting to be from reputable sources, dummy sites, etc.

Best Defense:

Merchants should require users to complete two-factor authentication when they log in from a new device or add a new payment method. Consumers can protect themselves by adding similar methods (see the “Layer Up” subsection below).

SIM Card Swapping

A fraudster contacts a user’s mobile carrier, telling the carrier that they have a new device. The fraudster then uses stolen credentials to gain access to the accounts they want, and is able to subvert the two-step authentication process by tricking device fingerprinting methods.

Best Defense:

If a cardholder’s details are accessed by someone in another region, or they are suddenly unable to access certain accounts, they should change their credentials immediately. Never reuse credentials on multiple sites. If the device they typically use to access sites is no longer recognized, they should contact their mobile provider immediately.

Malware

Malware is software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system. This is the method by which most fraudsters gain access to systems they haven’t been inadvertently invited to, whether through phishing or by other means.

Most often, malware is injected into a user’s computer through faulty apps, unsecured sites, or hardware that is inserted into a drive. The malware then tracks keystrokes or other activity to capture login credentials.

Best Defense:

Cardholders should ensure their systems are secure and that they follow security best practices online. For merchants, your employees should only access necessary data through secured networks.

Mobile Banking Trojans

Banking trojans are a type of malware that tries to obtain access to confidential information that is stored or processed through online banking systems.

This is malware 2.0. Instead of targeting your system at large and rooting around for whatever can be sifted from your data, mobile banking trojans are targeted attacks that are designed to escape your notice.

Best Defense:

Cardholders need to guard their banking details carefully. If a site doesn’t look trustworthy, they should never add their payment details. Period.

Man-in-the-Middle Attacks

This attack is a lot like eavesdropping. A fraudster will position themselves between your data and its reception point on a network in order to redirect that information or payment elsewhere.

Best Defense:

Cardholders should never transmit sensitive information via public Wi-Fi. Also, savvy merchants provide secured Wi-Fi networks for all in-house use, including any that might be consumer-facing.

Scammers will target anyone they can in hopes that they can use that information to steal from as many sources as possible, using the least amount of effort on their part. If a criminal hijacks your account, they can:

  • Order a new card for unauthorized purchases.
  • Buy a new smartphone via your carrier.
  • Redeem credits, rewards, miles, etc. for their own gain.
  • Make fraudulent payments from your account.
  • Open a bank account under your name.
  • Place orders on shopping or delivery platforms.
  • Redirect unemployment, pension, or Social Security benefits.
  • Steal your personal information.
  • Change your account details like phone, email, address, or credentials.
  • Access other accounts using the same stolen info.
  • Sell your account information on the dark web.

Account takeover fraud is a menacing reality with far-reaching consequences for all parties involved.

Preventing Account Takeover

Cybercriminals are constantly seeking ways to gain unauthorized access to your online accounts. That’s why it's crucial to take preventive measures.

Password Perfection

The foundation of account security lies in creating strong, unique passwords. Forget the days of “password123”; you need to embrace the power of a complex passphrase. Use a combination of upper and lowercase letters, numbers, and special characters.

  • PuMpkins37are73Yummy!

Two-factor authentication (2FA)

Adding an extra layer of security is always a good idea. Enable two-factor authentication (2FA) on your accounts whenever possible. This requires a secondary verification method, such as a one-time password (OTP) or biometric data, in addition to your primary password. This ensures that even if your password is compromised, attackers still can't access your account.

Monitor Account Activity

Regularly reviewing your account activity can help you spot any suspicious behavior before it escalates. Set up notifications for unusual transactions, login attempts, or changes to your account information. If you notice anything out of the ordinary, take immediate action by contacting your account provider or changing your password.
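
For merchants and account providers, the same signals this article names (an unrecognized device, access from another region, repeated login attempts, changed account details, and a card order or payment that follows soon after) can be checked automatically. The sketch below is an added example, not part of the original article or any vendor's product; the event names, device labels, regions, and thresholds are assumptions made for illustration.

```python
from dataclasses import dataclass

# Event kinds below are hypothetical names chosen for this example.
DETAIL_CHANGES = {"change_phone", "change_email", "change_address", "change_password"}
SENSITIVE = {"add_payment_method", "order_card", "payment"}

@dataclass
class Event:
    ts: int      # seconds since the start of the sample
    kind: str
    device: str
    region: str

def review(events, known_devices, home_region, window=3600, max_failures=3):
    """Return (ts, kind, reasons) for each event that warrants an alert or a 2FA prompt."""
    alerts, failures, last_risky = [], [], None
    for e in sorted(events, key=lambda ev: ev.ts):
        reasons = []
        if e.kind == "login_failed":
            failures = [t for t in failures if e.ts - t <= window] + [e.ts]
            if len(failures) >= max_failures:
                reasons.append("repeated failed logins")
        else:
            if e.device not in known_devices:
                reasons.append("unrecognized device")
            if e.region != home_region:
                reasons.append("unusual region")
            if e.kind in DETAIL_CHANGES:
                reasons.append("account details changed")
            if e.kind in SENSITIVE and last_risky is not None and e.ts - last_risky <= window:
                reasons.append("sensitive action soon after risky event")
            # A flagged login or any detail change makes later actions suspect.
            if e.kind in DETAIL_CHANGES or (e.kind == "login" and reasons):
                last_risky = e.ts
        if reasons:
            alerts.append((e.ts, e.kind, reasons))
    return alerts

# Constructed sample: normal use, then a takeover pattern from a new device.
SAMPLE = [
    Event(0, "login", "laptop-1", "region-A"),
    Event(100, "payment", "laptop-1", "region-A"),
    Event(5000, "login_failed", "phone-9", "region-B"),
    Event(5010, "login_failed", "phone-9", "region-B"),
    Event(5020, "login_failed", "phone-9", "region-B"),
    Event(5100, "login", "phone-9", "region-B"),
    Event(5200, "change_email", "phone-9", "region-B"),
    Event(5300, "order_card", "phone-9", "region-B"),
]
```

Calling review(SAMPLE, {"laptop-1"}, "region-A") leaves the first two events alone and flags the third failed login, the new-device login, the email change, and the card order.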


Beware of Phishing Attacks

Fraudsters often use phishing emails or messages to trick you into revealing sensitive information. Be vigilant about scrutinizing any email, text message, or social media communication that requests your login credentials or personal data.

Remember: legitimate companies will never ask you for your password or sensitive information through these channels.

Keep Software Up to Date

Outdated software can be a goldmine for cybercriminals looking to exploit vulnerabilities. Regularly update the operating system, web browsers, and security software on all your devices to stay protected against new threats.

Account takeover fraud can have serious consequences. But, by implementing these simple steps, you'll be well on your way to securing your online presence. Stay informed, stay vigilant, and stay one step ahead of fraudsters.


Article courtesy of Chargebacks911. For educational purposes only.
