
How to detect and prevent account takeover fraud

April 15, 2019 | Blog, Cyber Security


More people are living their lives online, and at the centre of it all is email. Today, a person’s email account is connected to a host of third-party services and contains archives of messages required for work.

However, such accounts can be compromised by hackers who may then commit identity fraud in their victims’ names. This form of attack is known as account takeover (ATO) fraud, and it can do serious damage if you’re not aware of how it works.  

What is ATO fraud?

ATO fraud occurs when a hacker gains access to a target’s account by stealing usernames and passwords. These login credentials are often obtained through three tactics:

  • Online scams – Hackers dupe victims into giving away personal information, usually by sending emails purporting to be from a legitimate person or company  
  • Malware – Malicious programs like spyware and keyloggers are specifically designed to track user activity and steal passwords
  • Brute-force – Would-be criminals use either trial-and-error or a program to guess passwords

Once inside, the hacker can use the account to meet nefarious ends. They may change passwords to lock you out of your account, steal financial information, scam your email contacts, and more. It differs from identity theft, whereby fraudsters steal their victims’ information to create new accounts.

Hijacking email accounts also gives hackers access to apps and sites your email is tied to. This means they’ll be able to tamper with business documents, post on your social media, and make unauthorised wire transfers. In most cases, however, they’ll sell sensitive information on the dark web to turn a profit.

To avoid raising suspicion, cybercriminals carry out small, less noticeable crimes over time. They’ll even disable app and email notifications to hide their activities, allowing ATO scams to go undetected for several weeks, sometimes months. By the time victims notice an ATO attack, extensive damage may have already been dealt to their finances and reputation.   

Is there a way to detect ATO fraud?

Although fraudsters often employ several tactics to cover up their tracks, there are a few things you can do to detect ATO.

For starters, find out whether access privileges to certain apps and notification settings were modified. Then, inspect account activity logs for any unusual devices and IP addresses that access your account. If there’s an item you don’t recognise, make sure to sign out of all web sessions and change your password as soon as possible. You should also check your financial statements for any fraudulent transactions.
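The manual review described above can be scripted. The following is an added example, not part of the original article: it checks a constructed activity log against the networks and devices the account owner recognises, and the event names, device labels and addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample activity log (oldest first); not real data.
# Each entry: (timestamp, action, source IP, device label)
EVENTS = [
    ("2019-04-01T08:02", "login", "203.0.113.10", "laptop-chrome"),
    ("2019-04-02T08:05", "login", "203.0.113.44", "phone-mail-app"),
    ("2019-04-03T02:41", "login", "198.51.100.7", "linux-firefox"),
    ("2019-04-03T02:43", "notifications_disabled", "198.51.100.7", "linux-firefox"),
    ("2019-04-03T02:50", "app_access_granted", "198.51.100.7", "linux-firefox"),
    ("2019-04-03T09:00", "notifications_disabled", "203.0.113.10", "laptop-chrome"),
    ("2019-04-04T08:10", "login", "203.0.113.10", "tablet-safari"),
]

# What the account owner recognises (assumed values for this example).
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
KNOWN_DEVICES = {"laptop-chrome", "phone-mail-app"}

# The changes the article says to look for: app access privileges
# and notification settings (hypothetical event names).
SETTING_CHANGES = {"notifications_disabled", "app_access_granted"}


def is_recognised(ip, device):
    """True only if both the device and the source network are known."""
    addr = ipaddress.ip_address(ip)
    return device in KNOWN_DEVICES and any(addr in net for net in TRUSTED_NETWORKS)


def review_activity(events):
    """Return (timestamp, severity, reason) for every unrecognised item."""
    findings = []
    for ts, action, ip, device in events:
        if is_recognised(ip, device):
            continue  # the owner's own activity, including their own setting changes
        if action in SETTING_CHANGES:
            findings.append((ts, "HIGH", f"{action} from unrecognised {device} at {ip}"))
        elif action == "login":
            findings.append((ts, "REVIEW", f"login from unrecognised {device} at {ip}"))
    return findings


def needs_reset(findings):
    """Any unrecognised item means: sign out of all sessions, change the password."""
    return bool(findings)


if __name__ == "__main__":
    for finding in review_activity(EVENTS):
        print(*finding)
```

A setting change made from a recognised device is not flagged, while the same change made from an unrecognised source is rated higher than a bare login because it matches the notification-hiding behaviour described earlier.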

Another way to confirm an ATO attack is to use security systems with geo-tracking, account and network monitoring, and user behavioural analysis. These will detect identity theft and suspicious activities tied to your accounts, and recommend the best way to mitigate the risks.

If you are a victim of an ATO attack, you must do the following:

  • Reset login credentials (preferably with longer ‘passphrases’ that contain a combination of letters, numbers, and symbols)
  • Reverse fraudulent transactions and changes made in your name
  • Track your identity information on the dark web to prevent identity theft
  • Notify contacts and anyone who may be affected by your compromised account
  • Alert authorities and government agencies about the breach (i.e., the Office of the Australian Information Commissioner)  

How can you prevent ATO?

Setting up preventative security measures can save you thousands of dollars and countless hours recovering from ATO. Here’s what you need to do:

  • Manage access privileges – By restricting account access from other devices and networks, hackers won’t be able to infiltrate your accounts through unauthorised locations
  • Limit login attempts – Email systems allow you to set account lockout policies that prevent hackers from guessing your password through trial and error
  • Enable multifactor authentication – Adding another layer of protection over passwords such as temporary SMS access codes or an authenticator app ensures that only you have access to your accounts
  • Use threat prevention systems – These block potentially malicious programs and other activities that could indicate a cyberattack
  • Train your staff – It’s vital to have a workforce that’s constantly aware of online scams and adheres to password best practices

There’s a lot to consider when creating a robust ATO fraud detection and prevention strategy, but implementing it won’t be a problem if you have the right tools and guidance. Empower IT offers comprehensive cybersecurity solutions and training services that can be customised to your needs. Call us today to prevent hackers from putting a damper on your business.  
