Account Takeover Fraud: Detection & Prevention

"Account takeover" is a kind of fraud that can happen across many online spaces, such as email accounts and social media accounts. It can also happen to financial accounts, creating the potential for identity theft and financial loss.

Understanding account takeover can help you avoid becoming a target and recognize the early warning signs before it happens to you.

 

What is Account Takeover Fraud?

Account takeover fraud happens when a criminal gains access to and control of a victim's account in an attempt to steal money or sensitive information. Criminals use a variety of techniques to steal your login information, such as phishing emails, malicious links or malware.

This type of fraud is becoming increasingly common, with 29% of American adults experiencing account takeover in 2023, up from 22% in 2021.

Account takeover fraud doesn't just cause immediate financial loss. It can also result in long-term issues related to identity theft with the loss of personal data such as passwords, security questions, birth dates and other contact details.

It can expose victims to risks like:

  • Increased risk of identity theft
  • Damage to reputation
  • Vulnerability to additional account takeovers 
  • Unauthorized purchases or fraudulent charges
  • Credit score damage due to unauthorized financial activities
  • Loss of access to critical services (e.g., healthcare, banking)
  • Potential legal or financial liability from fraudulent activities

An Example of an Account Takeover

Imagine receiving a text message that appears to be from your bank. The message reads, "Urgent: Suspicious Activity Detected on Your Account. Verify Immediately to Avoid Suspension." Such a message is intended to pressure you to respond right away, often before you have time to think carefully. At the end of the text, you may find a link that claims it will take you to your bank’s security page.

Once you click the link, you're directed to a fake website that looks nearly identical to your bank's official page. Here, you’re prompted to enter your login credentials. By doing so, you’ve unknowingly given your information to a criminal who can now access your account, transfer funds and even change your account settings to lock you out. This is known as a bank text scam. It is just one of the many ways a criminal can take control of a person's bank account.

 

What Are the Types of Account Takeover Attacks?

Attackers may use a number of different tactics to take over your accounts, but the goal is always the same: stealing your credentials. Here’s a closer look at some of the most common ways a criminal can try to compromise your information for personal gain.  

Phishing Attacks 

Phishing attacks use deceptive emails to trick people into sharing personal information. Criminals disguise themselves by making the email look like it’s from a trusted company or organization, such as a bank, an online retailer or a government agency like the Social Security Administration or IRS. 

These emails will often convey a sense of urgency, warning you about a supposed account issue or suspicious activity. They then ask you to "verify" or "update" your information by clicking on a link.

The link directs you to a fake website that looks nearly identical to the legitimate one. Once you enter your details, such as login credentials, Social Security number or financial information, the scammers capture this data and use it for fraudulent purposes.

Malware and Spyware Installations

Shockingly, around 190,000 new malware attacks are launched every second. Scammers can secretly install malware or spyware on your devices, often through phishing emails or unsecured Wi-Fi networks.

Once installed, this malicious software can capture passwords when you log in to your bank accounts or other sensitive sites. It may even allow criminals to access files on your device that contain private information.

Credential Buying and Selling on the Dark Web

The dark web is a hidden part of the internet where criminals buy and sell stolen personal information. If your data is exposed through a data breach or phishing scam, it may end up for sale there. 

Information like your Social Security number, driver’s license, passport details, address, phone number and credit card information is often sold at low prices. Once purchased, this information can be used to commit account takeover fraud.

Credential Stuffing

In a credential stuffing attack, criminals use stolen login credentials that are often obtained from a data breach. They rely on automated tools to test these username-password combinations across multiple websites, including social media, banking and shopping platforms. Since many people reuse passwords across accounts, criminals can access multiple services with a single stolen password.

Once they gain access, attackers can steal sensitive information such as credit card numbers and personal documents or even drain bank accounts through unauthorized purchases. Credential stuffing attacks are dangerous because they can go undetected as they typically blend in with legitimate login attempts.  

Password Spraying

Password spraying is a type of attack where criminals take known usernames and try to access multiple accounts by entering a single, commonly used password (like “password123”) for each one. Unlike credential stuffing, which uses specific stolen credentials, password spraying focuses on testing one weak password across many accounts in the hope that one will grant access.

This method avoids account lockouts by trying one password per account at a time, often targeting accounts with single sign-on (SSO) services. Once criminals find a match, they can access personal information or financial data linked to the account.
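
An added example (not part of the original article) of why the lockout evasion described above calls for monitoring by source rather than by account: over a constructed login log, a per-account lockout counter sees nothing, while counting distinct accounts per source flags the spray. The log format, thresholds and function names are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (RFC 5737 documentation IPs, made-up usernames).
SAMPLE_LOG = """\
2024-05-01T09:00:02 203.0.113.7 alice FAIL
2024-05-01T09:00:05 203.0.113.7 bob FAIL
2024-05-01T09:00:09 203.0.113.7 carol FAIL
2024-05-01T09:00:14 203.0.113.7 dave FAIL
2024-05-01T09:00:18 203.0.113.7 erin OK
2024-05-01T09:03:40 198.51.100.23 frank FAIL
2024-05-01T09:03:52 198.51.100.23 frank OK
"""

LOCKOUT_THRESHOLD = 5           # assumed: failures per account before lockout
SPRAY_ACCOUNTS = 4              # assumed: distinct accounts tried from one source
WINDOW = timedelta(minutes=10)  # assumed: sliding window for the per-source count

def parse(log):
    rows = (line.split() for line in log.splitlines())
    return [(datetime.fromisoformat(ts), ip, user, res) for ts, ip, user, res in rows]

def locked_accounts(events):
    """Per-account view: what a classic lockout policy reacts to."""
    fails = defaultdict(int)
    for _, _, user, result in events:
        if result == "FAIL":
            fails[user] += 1
    return {u for u, n in fails.items() if n >= LOCKOUT_THRESHOLD}

def spray_sources(events):
    """Per-source view: one source touching many accounts inside WINDOW."""
    by_ip = defaultdict(list)
    for ts, ip, user, _ in events:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > WINDOW:
                start += 1
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= SPRAY_ACCOUNTS:
                flagged[ip] = sorted(users)
    return flagged

def compromised_after_spray(events, flagged):
    return sorted({u for _, ip, u, r in events if ip in flagged and r == "OK"})  # reset these
```

In the sample, no account reaches the lockout threshold, yet the first source is flagged and the one account it logged in to successfully is singled out for a password reset; the second source is an ordinary user correcting a typo and is left alone.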

 

How to Detect Account Takeover Fraud

In the summer of 2023, the FBI began investigating a criminal ring involved in identity theft and account takeovers. Victims lost an average of $80,000 in just one day as the criminals drained business accounts through cash withdrawals. So far, this ring has targeted over 60 victims across states like Arizona, California, Texas and Florida.

While this is just one instance, account takeover fraud can happen to anyone, anywhere. Fortunately, by recognizing certain warning signs, you can detect account takeover fraud early and help protect yourself from serious consequences.

Here are some account takeover warning signs to watch for:

  • Unusual activity on your accounts
  • Unrecognized login attempts or new devices logging in
  • Suspicious emails, texts or notifications
  • Unexpected password changes
  • Being locked out of your account unexpectedly
  • Changes to your recovery email or phone number

It’s also a good habit to regularly review your card statements and pay attention to any alerts from your bank or financial institution that seem out of the ordinary.

 

How to Prevent Account Takeover

Criminals are always finding new ways to hack into accounts, but strengthening your security can help keep them out.

Here are some ways you can keep your accounts safe and prevent account takeovers:

  • Use Multi-Factor Authentication (MFA). MFA is a process that requires a person to use a second verification method, other than a password, to access an account. This adds an extra layer of security by requiring multiple steps to log in, such as entering a code sent via text or email in addition to your password. MFA makes it harder for criminals to access your account, even if they have your password.  
  • Use strong and unique passwords. Create passwords that are at least 16 characters long with special characters and avoid reusing them across accounts. A secured password manager can help by generating, storing and encrypting complex passwords, so you don’t need to remember each one.
  • Use biometrics if available. Opt for biometric authentication such as fingerprint or facial recognition. Biometrics can help prevent unauthorized logins, since criminals cannot bypass them without your physical presence.
  • Use a Virtual Private Network (VPN) on public Wi-Fi. When connecting to public Wi-Fi, a VPN can help secure your information by encrypting your connection. This reduces the chances of malicious software being installed.
  • Use dual control for ACH payments, wires and other outgoing funds. Dual control adds a second person to verify immediate transfers, which can help prevent errors or unauthorized payments.

 

What to Do If You’re a Victim of an Account Takeover

If you think your account has been taken over, it’s important that you act quickly. Start by contacting your financial institution right away. They can help you secure your account, reverse unauthorized transactions and advise on additional steps to protect your finances. 

If you're a City National Bank client, visit our fraud page to report the issue.

Next, reach out to your local FBI field office to report the crime. You can find your nearest FBI field office by visiting the FBI’s official website, where a directory of locations is available. Each field office serves specific regions, so locating the one nearest you can ensure a faster response.

You should also file a complaint with the FBI’s Internet Crime Complaint Center (IC3) to officially document the incident, which may help in any follow-up investigations.




This article is for general information and education only. It is provided as a courtesy to the clients and friends of City National Bank (City National). City National does not warrant that it is accurate or complete. Opinions expressed and estimates or projections given are those of the authors or persons quoted as of the date of the article with no obligation to update or notify of inaccuracy or change. This article may not be reproduced, distributed or further published by any person without the written consent of City National. Please cite source when quoting.