Account Takeover & You – Holiday Shopping Edition
Holiday shopping is one of my favorite times of the year. But as my Instagram and Facebook profiles show me ads for the perfect gifts for my parents, partner, and friends, shopping becomes a bit daunting. Fraudsters are just as excited for this as you are; read on to learn about the relationship between account takeover and your holiday shopping.
Shopping online can be risky. Inevitably, supply chain delays will interrupt our holiday season. But that isn’t the only thing we need to prepare for as the seasons change. Fraud spikes occur every year when people prioritize gift buying over scrolling.
For each new retailer I find with the “perfect gift”, I have to create a new set of login credentials. Many of these sites offer “create an account” or “guest checkout” options when making a purchase. By creating an account, it’s easier to track packages, inquire about other products, and contact customer service.
It’s easy for me to forget about that one site where I bought a Batman bathrobe for my partner. But for fraudsters… they’re relying on that forgetfulness.
So what’s the risk? It’s during the busy holiday season that we all become more vulnerable to fraudsters and the threat of account takeover. For each account created with an independent retailer, I’m adding my email address and password to the online ecosystem.
Account Takeover (ATO) and holiday shopping go hand in hand. ATO is a common form of online fraud and probably one of the easiest to protect yourself against. ATO occurs when a fraudster uses valid credentials to log in to an existing account online. This can happen to the account those credentials were created for OR to a different account belonging to the same user. Fraudsters acquire valid credentials through several tactics, including data breaches, phishing, credential stuffing, and weak passwords.
For example:
I had my Netflix account hacked a few years ago. I received an email stating that the email and password on my account had been changed. I had not made these changes. I don’t know exactly how the fraudsters got into my Netflix account, but I was using a log-in and password that had been compromised through another data breach. Read more about that and why I started using a password manager here.
Thankfully, there are a few simple steps you can take to protect yourself against ATO.
Use Stronger & Unique Passwords
By using strong and unique passwords across your various online accounts, you can save yourself a lot of frustration when a breach occurs. If your Etsy or Bombas account is compromised, it’s less of a big deal if that’s the only site where you’re using that email and password combination. Learn more about how to write strong passwords here. Using a password manager can make this MUCH easier.
Turn On Multi-Factor Authentication
If a site or online service uses Multi-Factor Authentication or 2FA options for log-ins, use them. Typically, this means you will need to enter a unique code that will be emailed or texted to you. A fraudster would need to have access to your email account or mobile device to get past this layer of security. It’s critical, at this point, that you are also using a unique password for your email account.
Holiday shopping can be a fun adventure that takes you to the far reaches of online shopping algorithms for the perfect gift, but as we make account after account after account, it becomes critical that we all take a bit more ownership of our different login credentials. Protecting yourself against various types of fraud can take time, but once you start implementing these techniques it becomes second nature.