More people are living their lives online, and at the centre of it all is email. Today, a person’s email account is connected to a host of third-party services and contains archives of messages required for work.
However, such accounts can be compromised by hackers who may then commit identity fraud in their victims’ names. This form of attack is known as account takeover (ATO) fraud, and it can do serious damage if you’re not aware of how it works.
What is ATO fraud?
ATO fraud occurs when a hacker gains access to a target’s account by stealing usernames and passwords. These login credentials are typically obtained through one of three tactics:
- Online scams – Hackers dupe victims into giving away personal information, usually by sending emails purporting to be from a legitimate person or company
- Malware – Malicious programs like spyware and keyloggers are specifically designed to track user activity and steal passwords
- Brute-force – Would-be criminals use either trial-and-error or a program to guess passwords
Once inside, the hacker can use the account for nefarious ends. They may change passwords to lock you out of your account, steal financial information, scam your email contacts, and more. ATO differs from identity theft, in which fraudsters use their victims’ stolen information to create new accounts.
Hijacking an email account also gives hackers access to the apps and sites your email is tied to. This means they’ll be able to tamper with business documents, post to your social media accounts, and make unauthorised wire transfers. In most cases, however, they’ll sell sensitive information on the dark web to turn a profit.
To avoid raising suspicion, cybercriminals carry out small, less noticeable crimes over time. They’ll even disable app and email notifications to hide their activities, allowing ATO scams to go undetected for several weeks, sometimes months. By the time victims notice an ATO attack, extensive damage may have already been dealt to their finances and reputation.
Is there a way to detect ATO fraud?
Although fraudsters often employ several tactics to cover up their tracks, there are a few things you can do to detect ATO.
For starters, find out whether access privileges to certain apps and notification settings were modified. Then, inspect account activity logs for any unusual devices and IP addresses that access your account. If there’s an item you don’t recognise, make sure to sign out of all web sessions and change your password as soon as possible. You should also check your financial statements for any fraudulent transactions.
Another way to confirm an ATO attack is to use security systems with geolocation tracking, account and network monitoring, and user behaviour analytics. These detect identity theft and suspicious activity tied to your accounts, and recommend the best way to mitigate the risks.
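The manual review described above (look for devices and IP addresses you don’t recognise, and for changes to notification or forwarding settings) can be scripted once you have an activity-log export. The following is an added example, not code from the original article or from any product it mentions: the log format, the sample events, and the set of "known" devices and addresses are all constructed for illustration.

```python
"""Triage a sign-in / settings activity log for account takeover indicators.

Added example (not from the original article). The log format is constructed
for this example: one event per line, a timestamp followed by key=value fields.
"""

# Constructed sample export resembling a mailbox activity log. The third line
# is a sign-in from an unfamiliar address and browser, followed by the kind of
# settings changes an intruder makes to hide their activity.
SAMPLE_LOG = """\
2024-03-02T08:15:00Z event=login result=success user=alice ip=203.0.113.10 device=Chrome-Windows
2024-03-02T12:40:11Z event=login result=success user=alice ip=203.0.113.10 device=Chrome-Windows
2024-03-03T02:03:45Z event=login result=success user=alice ip=198.51.100.77 device=Firefox-Linux
2024-03-03T02:05:10Z event=settings_change user=alice setting=notifications value=off
2024-03-03T02:06:30Z event=settings_change user=alice setting=forwarding value=external
2024-03-03T09:10:00Z event=login result=success user=alice ip=203.0.113.10 device=Chrome-Windows
"""

# Baseline the account owner recognises (assumed values for this example).
KNOWN_IPS = {"203.0.113.10"}
KNOWN_DEVICES = {"Chrome-Windows"}

# Settings the article singles out as ones intruders tamper with to stay hidden.
SENSITIVE_SETTINGS = {"notifications", "forwarding"}


def parse_line(line):
    """Parse 'timestamp k=v k=v ...' into a dict; the timestamp is stored as 'ts'."""
    parts = line.split()
    fields = {"ts": parts[0]}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def triage(log_text, known_ips=KNOWN_IPS, known_devices=KNOWN_DEVICES):
    """Return a list of (timestamp, reason) findings that deserve a manual look."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev.get("event") == "login" and ev.get("result") == "success":
            # A successful sign-in from somewhere new is the primary ATO signal.
            if ev.get("ip") not in known_ips:
                findings.append((ev["ts"], f"sign-in from unrecognised IP {ev['ip']}"))
            if ev.get("device") not in known_devices:
                findings.append((ev["ts"], f"sign-in from unrecognised device {ev['device']}"))
        elif ev.get("event") == "settings_change" and ev.get("setting") in SENSITIVE_SETTINGS:
            # Notifications switched off or mail forwarded externally hides the intruder.
            findings.append((ev["ts"], f"{ev['setting']} changed to {ev['value']}"))
    return findings


if __name__ == "__main__":
    for ts, reason in triage(SAMPLE_LOG):
        print(ts, reason)
```

Run against a real export you would replace `SAMPLE_LOG` with the file contents and `KNOWN_IPS`/`KNOWN_DEVICES` with the addresses and browsers you actually use; any finding is the cue to sign out of all sessions and reset the password, as the paragraph above advises.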
If you are a victim of an ATO attack, you must do the following:
- Reset login credentials (preferably using a longer passphrase that combines letters, numbers, and symbols)
- Reverse fraudulent transactions and changes made in your name
- Track your identity information on the dark web to prevent identity theft
- Notify contacts and anyone who may be affected by your compromised account
- Alert authorities and government agencies about the breach (e.g., the Office of the Australian Information Commissioner)
How can you prevent ATO?
Setting up preventative security measures can save you thousands of dollars and countless hours recovering from ATO. Here’s what you need to do:
- Manage access privileges – By restricting account access from other devices and networks, hackers won’t be able to infiltrate your accounts through unauthorised locations
- Limit login attempts – Email systems allow you to set account lockout policies that prevent hackers from guessing your password through trial and error
- Enable multifactor authentication – Adding another layer of protection on top of passwords, such as temporary SMS access codes or an authenticator app, ensures that only you have access to your accounts
- Use threat prevention systems – These block potentially malicious programs and other activities that could indicate a cyberattack
- Train your staff – It’s vital to have a workforce that’s constantly aware of online scams and adheres to password best practices
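The "limit login attempts" item above describes an account lockout policy. The following is an added example of how such a policy works, not code from the original article or from any email system it refers to: it locks an account after a set number of failed attempts inside a sliding time window, and the thresholds, the in-memory store and the `attempt` interface are assumptions chosen for illustration.

```python
"""Account lockout policy: lock an account after N failed sign-ins within a window.

Added example (not from the original article or any product). Thresholds and the
in-memory store are assumptions for illustration; a real system would persist
this state and pair it with per-IP throttling.
"""
from collections import deque

MAX_FAILURES = 5        # failed attempts tolerated ...
WINDOW_SECONDS = 300    # ... within this many seconds
LOCKOUT_SECONDS = 900   # how long the account stays locked afterwards


class LockoutPolicy:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = {}      # user -> deque of failure timestamps (epoch seconds)
        self._locked_until = {}  # user -> epoch seconds at which the lock expires

    def is_locked(self, user, now):
        """True while the account's lock is in force; expired locks are cleared."""
        until = self._locked_until.get(user)
        if until is None:
            return False
        if now >= until:
            del self._locked_until[user]
            return False
        return True

    def record_failure(self, user, now):
        """Record a failed sign-in; returns True if this one triggered a lock."""
        q = self._failures.setdefault(user, deque())
        q.append(now)
        # Drop failures that fell outside the sliding window.
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[user] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, user):
        """A successful sign-in resets the failure counter."""
        self._failures.pop(user, None)

    def attempt(self, user, password_ok, now):
        """Evaluate one sign-in attempt; returns 'ok', 'failed' or 'locked'.

        The lock check comes first, so even a correct password is refused while
        the lock is active: a guesser must not learn mid-lockout that a guess hit.
        """
        if self.is_locked(user, now):
            return "locked"
        if password_ok:
            self.record_success(user)
            return "ok"
        return "locked" if self.record_failure(user, now) else "failed"


def simulate(policy, user, attempts):
    """Run a constructed sequence of (password_ok, timestamp) pairs and collect outcomes."""
    return [policy.attempt(user, ok, t) for ok, t in attempts]


if __name__ == "__main__":
    policy = LockoutPolicy()
    # Constructed scenario: five wrong passwords ten seconds apart, then the right one.
    burst = [(False, t) for t in range(0, 50, 10)] + [(True, 60), (True, 60 + LOCKOUT_SECONDS)]
    print(simulate(policy, "bob", burst))
```

Two details are worth noting. Failures older than the window are discarded, so a legitimate user who mistypes occasionally over the day is never locked, while a rapid burst is. And because a lock keyed on the username can be triggered deliberately to keep the real owner out, production systems usually combine it with throttling by source address and with the multifactor authentication recommended in the list above.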
There’s a lot to consider when creating a robust ATO fraud detection and prevention strategy, but implementing it won’t be a problem if you have the right tools and guidance. Empower IT offers comprehensive cybersecurity solutions and training services that can be customised to your needs. Call us today to prevent hackers from putting a damper on your business.