Ac(K)ount Takeover Part 1: What is Account Takeover?
Account takeover is as common in the fraud world as fish in the sea. While it’s been around for awhile, it’s gained significant traction as a new buzzword and one of the most popular types of fraud today. It’s become so widespread, we not only have one – but two – posts to examine how it works and what you need to beware of. Today, we take a look at what it is and how it works.
Account takeover occurs when a fraudster obtains an individual’s personal information such as an account number, password, username or social security number and changes the official contact information or adds another user to an existing account. It’s ideal for fraudsters because it allows them a window of opportunity to conduct transactions without the victim’s knowledge. The fraudster can also change information so that it’s inaccessible to the true owner, conducting transactions without the victim knowing and before he or she can even discover this has taken place.
Some of the most common ways a consumer can fall prey to account takeover is just from a benign click. Fraudsters can steal information through the use of malware, Trojan software, or the black market. And sometimes – it’s just out of the users’ control. Account takeover has increased given the number of data breaches that allow cyber criminals to obtain information to access consumer accounts or new ones, including credit cards, bank accounts, mobile accounts, gaming, among others. According to a 2014 report from Javelin, account takeover fraud hit a new record in incidence for the second year in a row and accounted for 28 percent of all identity fraud. Countless numbers of data breaches occur on a monthly basis, and significantly more data is being obtained because of it.
Another reason this form of fraud is so prevalent is because fraudsters prey on consumers’ laziness. Some people don’t check their bank accounts or credit card bills regularly, allowing fraudsters to make fraudulent transactions under the radar with plenty of time to hide their tracks before the victim realizes what’s happened. Any account that is used to buy, store or access confidential information, goods and services is ripe for target. The shift to EMV has also spurred an increase in digital fraud, as EMV cards have made it more difficult for fraudsters to hack information at the point of sales in person, shifting more fraud from in-person to online.
So how can you avoid becoming account takeover bait? Stay tuned for our next post on ways to combat account takeover.