An account takeover attack is a form of identity theft in which a cybercriminal takes over someone else’s online account. Cybercriminals steal a victim’s login credentials without them knowing through methods such as brute force attacks and phishing.
Once the cybercriminal gains access to a victim’s account, they change the login credentials to prevent the victim from logging back in. When account takeovers happen, cybercriminals have full access to the account to do whatever they please such as scam others the victim may know or commit credit fraud. These types of attacks can happen to all kinds of online accounts such as social media, email and bank accounts.
Continue reading to learn how account takeovers happen, what signs to look out for, what to do if it happens to you and how to protect yourself from them.
How Do Account Takeovers Happen?
Cybercriminals look for security vulnerabilities and exploit them to gain access to a user’s accounts. They use a variety of techniques to try to break in and take over your accounts, but the techniques listed below are the most common.
Brute force attacks
A brute force attack is a type of cyber attack that tries to guess login credentials and other sensitive information. Through trial and error, and typically by using a program, cybercriminals input commonly used passwords or phrases or combinations of numbers or letters until they get the right password to access your account.
Phishing is the most common cyber attack. Through phishing, cybercriminals try to get people to reveal confidential information, such as their login credentials, by impersonating a reputable company or familiar face. This can happen by leading the victim to a spoofed website where they willingly input their credentials, or by getting them to open a malicious attachment or link that steals their information or downloads malware. These links and attachments are typically through emails or text messages that appear to be from a trusted source.
A man-in-the-middle attack is a type of cyber attack that intercepts data between two entities to steal, eavesdrop or modify the data being sent. Cybercriminals exploit the vulnerabilities of existing networks, such as public WiFi networks, to position themselves between the two parties exchanging data and steal any incoming information.
Malware is a type of malicious software that infects your device with the intent of damaging it or stealing your information. It can collect sensitive information through programs such as keyloggers that monitor and record your activity. Keyloggers are dangerous because they track your keystrokes in real-time, exposing your login credentials when you enter them into your bank account or social media account, for example, making it possible for the cybercriminal to access and take over your accounts.
Credential stuffing happens when a cybercriminal steals a set of credentials, usually in a data breach, and attempts to use them to gain access to multiple accounts. This is an effective method for account takeovers since many reuse their passwords.
Password cracking is the process of using programs to decipher passwords stored in a computer system or sent through a network by attempting a combination of known passwords or common dictionary words or sets of specific letters and numbers until cybercriminals get a match and compromise your password.
Cybercriminals use any type of security vulnerability, from unsecured WiFi networks to weak passwords, to break into an account and take it over.
Signs of an Account Takeover
Account takeovers are a common occurrence and something you need to be aware of. Here are some ways to detect an account takeover attack.
Unusual account activity
One way to tell if your account has been compromised is when you notice unusual activity. Cybercriminals use your accounts to steal your money, gain access to your personal information or information on people you know. Unusual activity can look like the following:
- Unfamiliar charges in your bank account
- A sudden drop in your credit score
- New inquiries on your credit report
- Social media posts and messages made by someone else
- Deletion of all your previously-created social media posts and messages
- Unexpected medical bills
- Denial of loan application
- Call from debt collectors
- Lack of emails
- Fraud alerts
Changes to account information
You should look out for any changes made to your account information such as a change in address, username, phone number, email address or password. If you notice your account information has changed and it wasn’t you, it’s likely that a cybercriminal has taken over your account.
Failed login attempts
If you are having issues logging in to your account, even with the correct credentials, then your account has been taken over. A cybercriminal has changed the login information to your accounts and locked you out. Once a cybercriminal has taken over your account, it can be difficult to log back in, even after a password reset.
Unfamiliar devices logged in
If you notice an account login on a device you do not recognize, then your account has been compromised. Quickly change your password for that account and others using the same credentials. Make sure your account logins are only on devices you recognize and log out of your accounts on any unfamiliar devices.
What To Do if an Account Takeover Happens To You
If you believe you have experienced an account takeover attack, then you should:
Contact your credit lenders and bank: A cybercriminal can take over your bank account to start making purchases or open credit cards under your name. You should contact your credit lenders and banks to freeze or lock your accounts to protect yourself from credit fraud.
Report it to the FTC: The Federal Trade Commission (FTC) is a government agency that protects consumers from deceptive and unfair business practices. You should contact them to file a report if you have experienced any type of fraud or malpractice.
Freeze your credit with the credit bureaus: In order to prevent any further damage after an account takeover, you should freeze your credit with the three credit bureaus: Experian, TransUnion and Equifax. You must contact each bureau separately. Freezing your credit with just one bureau and not the others can put you at risk since lenders use different scoring models. Freezing your credit will help protect you from fraud and identity theft.
Reset your password: If your password has been compromised, you should reset it right away to contain the breach.
Recover your account: If your account has been taken over, you should contact customer service to try to recover your account if you aren’t able to reset your password and log back in.
Contact entities involved: To prevent further damage and other cyber attacks from happening, you should let the affected entities know that your account has been compromised. This can include letting your bank know of any fraudulent activity or alerting your email contacts someone is impersonating you.
Contact the police: Contacting the police and filing a report is only necessary if you have any details about the criminal who stole your information, or if you need to resolve financial or legal disputes.
How To Protect Yourself From Account Takeovers
Here are some ways you can protect your online accounts from account takeovers.
Secure accounts with strong and unique passwords
You should never reuse passwords across multiple accounts as it puts you at a greater risk of account takeovers. Instead, use strong and unique passwords for all of your online accounts.
We understand that it can be difficult to come up with strong passwords for all of your different accounts. To add to that, keeping track of all of your unique passwords is no easy task. Using a password manager helps relieve that stress since all of your passwords are stored in a secure, encrypted vault. Password managers can also randomly generate passwords to ensure they are strong and unique for each account.
Enable MFA to all of your accounts
Multi-Factor Authentication (MFA) is an extra layer of protection for you accounts that requires an additional form of authentication in order to log in. Even if your login credentials have been stolen, MFA will protect your account since cybercriminals won’t be able to verify your identity. Enabling MFA will help prevent account takeovers from happening to you.
Do not overshare online
Although social media is a great place to connect with others, and update your friends and family about your life, you should not overshare online due to the risk of identity theft. Cybercriminals will use the personal information you share online to try breaking into your accounts. It is best practice to be thoughtful of what you share online and keep your profiles private.
Secure your home or office WiFi
Cybercriminals who use man-in-the-middle attacks exploit the vulnerabilities of existing networks to intercept data between two entities. Securing your WiFi will protect you from man-in-the-middle attacks and prevent your login credentials from being stolen.
A dark web monitoring tool scans and monitors the dark web for any personal information such as passwords. It alerts users of any data breaches so that they can take immediate action such as quickly changing their passwords. Using a dark web monitoring tool will help alert you of any password breaches and prevent your accounts from being taken over.
Stay educated on cyber threats
The best way to prevent future account takeovers is by educating yourself on the different types of cyber threats. Exercising cybersecurity best practices will help you remain safe online and avoid account takeovers.
Protect Yourself From Account Takeovers
Account takeovers can tarnish your reputation, damage your finances and impact your mental health. You should always be on the lookout for any signs of an account takeover and take steps to protect yourself. If you are worried that your account has been compromised in a breach, you can use Keeper’s free dark web tool to scan the dark web and see if your credentials have been exposed.