In today’s highly tech-savvy landscape, crime has also evolved, with cases of cybercrime on the rise. Over the last couple of years, account takeover and fraud have become increasingly common, especially in financial institutions. Account takeover is one of the most common forms of identity theft, and it can cost you a lot of time and money.

Here's everything you need to know about account takeover fraud, and what you need to do to avoid falling victim to this heinous crime.

What is Account Takeover?

Account takeover is a situation where cybercriminals gain access to a victim's online account such as a bank, credit card, eCommerce, etc. Once they successfully log into your accounts, cybercriminals can make fraudulent transactions online or even extract information that they can use to access your other accounts. Cybercriminals often target social media and email accounts, as well as those that you use to shop or handle bank and credit cards.

How Do Criminals Get Your Account Information?

Account takeover is a constantly evolving threat, and it comes in different forms. Cybercriminals employ different tactics in a bid to try and retrieve your account information. These tactics are:

Phishing

Phishing scams impersonate legitimate, trusted brands and individuals to lure account owners into clicking dubious links. These links usually download and install malware that harvests credentials into the user's device. The most common form of phishing is email, but social media messaging services and text messages (SMS) are also utilized by scammers.

Credential Stuffing

Scammers buy a list of stolen credentials from the dark web and then attempt to use these to log into different accounts using these details. A cybercriminal might do this by themselves or deploy bots to carry out login attempts.

Brute Force Attacks

This is similar to credential stuffing; the difference is that the fraudsters try to guess multiple passwords on a single site and gain access to your accounts using automated bots.

SIM Card Swapping

Fraudsters will sometimes use social engineering techniques like impersonating a customer and convincing the mobile carrier to swap the customer's sim card. Cybercriminals use the swapped sim card for authenticating login attempts to gain access to your account.

Check Fraud

Check fraud refers to any efforts to obtain money illegally using paper or digital checks. Fraudsters will try to forge a check in someone else’s name or draft a completely fake check. Check Fraud can also include countless other types of fraud using checks. Some red flags to look out for include being asked to buy gift cards or send money orders, you’re paid with a check for more than you’re owed, you’re asked to send money overseas, or you’re asked to pay for a prize.

What Do Fraudsters Do with Stolen Accounts

Successful account takeover attacks are often detrimental. Once cybercriminals gain access to your account, they can do a lot of damage, for instance:

• Withdraw funds or make fraudulent transactions using your account
• Auction your account credentials on the Dark Web
• Change your account information including email, password, phone number, home address, etc.
• Retrieve and make off with personally identifiable information. The information they obtain can be used to gain access to other accounts
• Request for a new credit card, new account, or any other financial product
• Set up a new account using your name and personal information

Ensure that you are vigilant, especially when it comes to notifications of suspicious activities on your accounts. When cybercriminals get access to your accounts and retrieve sensitive information, the repercussions might be more than loss of funds.

How Can You Protect Yourself from Account Takeover?

It is almost impossible to completely curb account takeover because of the constant and rapid evolutions of these attacks. However, it is possible to minimize the chances of successful breaches by following a couple of best practices:

Use Multifactor Authentication

If your account supports multi-factor authentication, then it’s advisable to use it. Setting up multiple verifications such as one-time passcodes, biometrics, etc. before accessing the account is an effective way to thwart unauthorized login attempts.

Avoid One Password for All Your Accounts

We understand that it’s difficult to keep track of all account passwords, especially when they are different. However, cybercriminals are more successful in their attempts if you tend to use the same logins on multiple accounts. Use secure password managers to generate and store passwords across multiple devices if you are one to forget.

Use Antivirus Software

An effective prevention measure is using antivirus software to detect and counter any malware before they are downloaded and installed on your device. Ensure that you keep the antivirus up to date to avoid falling victim to new malware.

Consider Identity Theft Protection Services

You can opt for an identity theft protection service to safeguard and keep close tabs on your financial accounts. These services monitor your financial accounts for any suspicious activity and scan the dark web for matching details.

What to Do if Your Account Has Been Hacked

Although we hope to never experience an account takeover, sometimes it happens. So, what should you do when you discover that your account has been hacked?

1. File a report to relevant agencies. Once you realize that your account has been breached, immediately notify the involved company e.g. the bank so they safeguard your assets. Report the issue to the Internet Crime Complaint Center (IC3) as well.
2. Change your passwords. If you still have access to the account, immediately change your password to prevent any further damage. Ensure that you change the passwords to other linked accounts too or others that share the same login credentials.

Taking Account of Identity Fraud

The consequences of account takeover are potentially detrimental, and we hope you never fall victim to identity fraud. It's almost impossible to eliminate account takeover because cybercrime is constantly evolving, but it’s possible to minimize the chances of successful attempts. Maintain strong account security, remain vigilant, and take precautionary measures to keep your accounts secure. You can also rely on identity theft monitoring and protection services to keep your accounts safe.

Your account’s security is of the utmost importance to us at Capitol Credit Union. Our team completes annual security training to stay up to date on the latest security issues. We recommend you refer to the Federal Trade Commission for step-by-step guides, articles, and videos concerning Identity Theft & Account Takeovers. You can also find a tab on our website for our “Security Center” linking you to resourceful security information: https://www.ccutx.org/security-center.html.