Fraudsters use startlingly sophisticated techniques to infect and take over accounts.

Account Takeover, or ATO, is a form of payment fraud that targets electronic transactions. Fraudsters perpetrate the scam by gaining access to your systems and generating fraudulent electronic payments, usually ACH batches or Wires. It is closely related to Business Email Compromise (BEC), which revolves around phishing emails and email spoofing.

Scammers are getting more sophisticated all the time. They patiently study their targets and the businesses they interact with, learning all they can about them so they can execute their scams without detection.

Continue reading to find out:

  • What Account Takeover Fraud is
  • How to prevent Account Takeover
  • What the S.E.C.U.R.E. method is

Account takeovers start with obtaining account data and conducting targeted phishing scams.

Account takeover attacks begin with fraudsters obtaining personal data, often starting by purchasing data leaked in a previous breach. They use that data to create targeted phishing scams to hack accounts. One of the most common phishing scams is when the scammer impersonates the target’s bank, or some other trusted entity, and sends an urgent alert via email, text or phone which requires immediate action. The action takes the target to a fake banking portal that installs malware.

Malware can take over your account, so you need to be careful about actions that can infect your devices.

There are different types of malware. However, most are designed to do one thing: capture their victims’ banking credentials so criminals can take over their account. Some do it by redirecting the victim to a malicious website, some intercept everything the victim types while others can even modify transaction details. Malware is typically downloaded inadvertently by visiting risky websites or by opening attachments, apps or even program updates without verifying their sources. For example, if you get a pop-up notice to update Flash®, do not respond it. Instead, go to the Adobe® site and check there for updates.

As mobile banking becomes more popular, mobile banking trojans are becoming more prevalent. Mobile banking is growing in popularity and for good reason.

Mobile banking is convenient and enables you to access your account anytime, from anywhere. With the right protections and precautions, it is safe. Keep in mind that fraudsters are becoming better at replicating bank interfaces with so-called overlay attacks that push the actual app to the background, overlaying a fraudulent one that looks just like the real thing. Once that happens, fraudsters can redirect fund transfers to their own accounts. Man-in-the-middle attacks put fraudsters between you and the bank to hijack your communications.

Man-in-the-middle attacks can come from malicious public WiFi hotspots and through mobile banking apps with insufficient protections.

An effective mobile banking app has safety features to ensure there is a secure connection for the transfer of mobile banking data.

No one fraud detection system can protect you from being hacked—the best account takeover solution is to protect yourself before it happens by following the S.E.C.U.R.E. method.

S.E.C.U.R.E. method stands for Safety Enhanced Communities Utilizing Resident Endeavors. It means layering several malware detection and security systems to protect your accounts. Consider implementing a robust authentication process such as IP blacklisting, configuring rules in a WAF, and CAPTCHAs. Incorporate behavioral fraud and bot detection, out-of-band transaction verification, mobile authentication and extended validation SSL digital certificates as part of your security system.

Banc of California Account Takeover Article

Download Article

Read more on how to protect yourself and your business from Account Takeover Fraud.

Learn more ways to protect your business: