Account Takeover & You
Definition
Account takeover is the act of a fraudster gaining access to an online account or account credentials for malicious purposes. This is a form of identity theft. It can also be the starting point of a larger attack on an individual.
Different types of account takeover happen every day including financial, cloud storage, social media, and work credentials. Here, we’ll share how account takeover impacts you and the best ways to mitigate your risk.
What this means to you…
Usually, it’s easy to detect account takeover on accounts you monitor regularly. Most of us know to contact customer service when we see strange transactions on bank or credit card statements, but how often do you investigate accounts when you receive an email or text message from a strange or unknown source?
Account takeover happens when credentials have been compromised either through data breaches or phishing and social engineering attacks. Fraudsters are able to buy credentials, personally identifiable information, and credit card numbers on the dark web. They are well versed in how to use any piece of this information to gain access to valuable accounts. This level of identity theft can range from losing access to your Netflix account to having all the money in your bank account transferred to the fraudster.
What you can do about it…
Actively managing and updating your passwords and security information is the #1 thing you can do to protect yourself. You can start with accounts linked directly to your finances. Many instances of account takeover occur when the same password is used for Netflix and Wells Fargo, for example.
Using a product like InstantAlly to monitor your email and password hygiene can help you stay aware of which breached credentials are putting you at risk. It’s a good idea to invest in a password management program to help you keep track of all your unique passwords.
Ensure you are monitoring all emails and text messages received from your bank or other financial institution. If you see a notification for an event that you don’t recognize (password reset, log-in event, or email change) change your password through their website, not the email you received, and contact their customer service immediately.
We’re all at risk for account takeover. By just existing on the internet, we’re inherently opening ourselves up to the possibility of our credentials being compromised. But taking that ownership back doesn’t have to be stressful or overwhelming when you implement the right tools like InstantAlly.