Account takeover is a growing threat to online businesses. It’s not as costly as chargeback fraud but can damage customer loyalty and brand reputation.
Fraudsters gain unauthorized access to online accounts using stolen credentials. They can then phish, plant ransomware, and steal data from corporate networks.
Identifying changes in account information can be difficult, especially when fraudsters make small but significant modifications. To help combat this, Vectra leverages breached credentials data to detect suspicious changes quickly.
Identifying a Target
The first stage of account takeover is when a bad actor steals credentials and starts looking for accounts to log into. Using leaked customer data, they scan for account changes (change of email, phone number, password, etc.), and once they find a match, they initiate an account change to extract value from the user’s account. The change is made online, and fraudsters can access the account using standard web browsers on laptops or home computers.
Criminals can use the hacked account to cash in loyalty points, buy goods, and execute fraudulent transactions. They can also monetize stolen personal information like addresses and credit card numbers. Fraudsters typically use phishing attacks to trick employees into revealing private information through a fake website or text message.
Businesses must understand all the components of account takeover and the risks associated with each stage. Getting teams from different departments involved in the conversation is essential – including security, risk, payments, and even marketing. Defining how to handle account takeover in the context of each team’s goals and priorities will help reduce friction for legitimate customers and keep fraudsters from getting away with it. For example, if a login is repeated from an IP address country that doesn’t fit the profile of a typical customer, that should flag a potential breach.
Identifying the Risk
The first step in an account takeover attack is accessing the victim’s credentials. It is a common goal for hackers because it can bring them significant financial gain. For example, criminals can use stolen information to apply for lines of credit, commit insurance fraud or steal money from their employers or family members. They can also sell their victim’s data on the dark web.
It can be challenging for merchants because changes in a customer’s email address, phone number, or password occur multiple times daily. And since many of these changes are legitimate, it can be difficult to tell when a criminal is making a change and trying to hide their activities from you.
To combat these challenges, you need a system that monitors all actions and recognizes when something out of the norm is happening. For example, if a customer’s login location keeps changing, this could indicate that a cybercriminal has taken over the account. A practical solution can help detect these changes and take action immediately before the crime is committed.
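The location-change heuristic described above (and the country-mismatch check mentioned earlier) as a small detector, added here as an example and not part of the article or any vendor's product. It replays a constructed stream of login and account-change events, builds each customer's baseline of countries they have logged in from at least twice, and flags logins or sensitive changes (email, phone, password) made from a country outside that baseline; event format and thresholds are assumptions.

```python
from collections import defaultdict

# Constructed sample events, in time order: (user, country_of_session, action)
EVENTS = [
    ("alice", "US", "login"),
    ("alice", "US", "login"),
    ("alice", "US", "login"),
    ("alice", "BR", "login"),          # first sighting from a new country
    ("alice", "BR", "change_email"),   # sensitive change right after it
    ("bob", "DE", "login"),
    ("bob", "DE", "change_password"),  # bob has no baseline yet: cold start
    ("bob", "DE", "login"),
]

# Account changes that a fraudster makes to lock the real owner out
SENSITIVE = {"change_email", "change_phone", "change_password"}


def flag_events(events, min_logins=2):
    """Replay events in order and return (index, user, reason) for each
    login or sensitive change made from a country that is not yet part of
    the user's baseline. A country enters the baseline only after
    `min_logins` logins, so a single unusual login does not whitelist itself.
    Users with no baseline yet (new customers) are not judged."""
    logins = defaultdict(lambda: defaultdict(int))  # user -> country -> count
    flags = []
    for i, (user, country, action) in enumerate(events):
        known = {c for c, n in logins[user].items() if n >= min_logins}
        unusual = bool(known) and country not in known
        if action == "login":
            if unusual:
                flags.append((i, user, f"login from unusual country {country}"))
            logins[user][country] += 1
        elif action in SENSITIVE and unusual:
            flags.append((i, user, f"{action} from unusual country {country}"))
    return flags


if __name__ == "__main__":
    for idx, user, reason in flag_events(EVENTS):
        print(f"event {idx}: {user}: {reason}")
```

In practice the flagged change would be held for step-up verification rather than blocked outright, since some travel-related mismatches are legitimate.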
While protection against traditional credit card fraud has improved, the risk of account takeover attacks is rising. And while these attacks aren’t as costly as chargeback fraud, they can still lead to significant losses. In addition, they can damage business reputation, strain operations teams, and impact customer loyalty and retention.
Gathering Information
Unlike many other fraud types, account takeover attacks are often difficult to detect. Criminals can hide behind a legitimate customer’s healthy purchase history and good trust built up over time, making it harder for rules-based systems to detect anomalies. Moreover, when a criminal successfully gains access to an account, they can carry out numerous unauthorized transactions, resulting in monetary loss and a strain on the victim’s relationship with the merchant.
The criminal might also use this access to steal PII and use it for other cyberattacks. For example, the attacker could apply for lines of credit or commit insurance fraud in the victim’s name. Or, if the password is compromised, they can use it to log in and plant ransomware inside the corporate network.
A standard method for attacking accounts is credential stuffing, or “card cracking.” Using lists of leaked usernames and passwords purchased on the dark web, fraudsters can test thousands of possible combinations until they find one that works. It is facilitated by notoriously insecure passwords, with most employees using weak or repeated passwords.
Fraudsters can also time their attempts to coincide with popular login times (like mealtimes), route traffic through proxies to mimic real users, and use tools to get around CAPTCHA challenges. All of this makes account takeover a very profitable crime, and it’s why criminals continue to increase their attack frequency.
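Credential stuffing, as described in the two paragraphs above, leaves a recognisable trace in authentication logs: one source trying many different accounts with mostly failed logins. The detector below, an added example that is not from the article, parses constructed log lines in an assumed `key=value` format, flags sources that meet both a distinct-account threshold and a failure-ratio threshold, and lists the accounts that saw a successful login from a flagged source so they can be reviewed and reset; the IP addresses are documentation ranges and all thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed authentication log (documentation IP ranges, fictional users)
LOG = """\
2024-05-01T12:00:01Z src=203.0.113.5 user=alice result=fail
2024-05-01T12:00:02Z src=203.0.113.5 user=bob result=fail
2024-05-01T12:00:02Z src=203.0.113.5 user=carol result=fail
2024-05-01T12:00:03Z src=203.0.113.5 user=dave result=success
2024-05-01T12:00:03Z src=203.0.113.5 user=erin result=fail
2024-05-01T12:00:04Z src=203.0.113.5 user=frank result=fail
2024-05-01T12:05:00Z src=198.51.100.7 user=alice result=fail
2024-05-01T12:05:30Z src=198.51.100.7 user=alice result=success
"""

LINE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")


def parse(log):
    """Parse the assumed log format into dicts; malformed lines are skipped."""
    return [m.groupdict() for m in map(LINE.match, log.splitlines()) if m]


def stuffing_sources(records, min_accounts=5, min_fail_ratio=0.8):
    """Sources that tried at least `min_accounts` distinct usernames with a
    failure ratio of at least `min_fail_ratio`. A single user typing a wrong
    password repeatedly (one account, many failures) is not flagged."""
    per_src = defaultdict(lambda: {"users": set(), "fail": 0, "total": 0})
    for r in records:
        s = per_src[r["src"]]
        s["users"].add(r["user"])
        s["total"] += 1
        if r["result"] == "fail":
            s["fail"] += 1
    return sorted(src for src, s in per_src.items()
                  if len(s["users"]) >= min_accounts
                  and s["fail"] / s["total"] >= min_fail_ratio)


def accounts_at_risk(records, sources):
    """Accounts that logged in successfully from a flagged source: these
    credentials are known-good to the attacker and need a password reset."""
    flagged = set(sources)
    return {r["user"] for r in records
            if r["src"] in flagged and r["result"] == "success"}


if __name__ == "__main__":
    recs = parse(LOG)
    srcs = stuffing_sources(recs)
    print("stuffing sources:", srcs)
    print("accounts to reset:", sorted(accounts_at_risk(recs, srcs)))
```

Because attackers spread attempts across proxies, the same counts are also worth computing per ASN or per device fingerprint rather than per IP alone.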
Creating a Plan
The average person has dozens of online accounts for business and personal websites, applications, and services. Criminals hack into these accounts using compromised credentials and exploit them to steal data, deliver malware and disrupt a business or customer’s experience.
The damage from account takeover attacks is wide-ranging and costly for businesses, customers, and the public. From a financial perspective, businesses must deal with chargebacks and refunds from victims who notice fraudulent transactions. Reputation damage is an equally severe concern for businesses exposed to these attacks, as they risk being perceived as cavalier toward customer data.
Identifying the threat is only one part of the battle – getting buy-in to defend against it is another. To do this, it is crucial to show the impact on the specific company’s business model. Talking about global fraud statistics will only go so far – you need to relate the problem to each department’s objectives and priorities.
Fraud and Payments teams must work closely with security/risk and product departments to define the right strategy for fighting against this emerging threat. Similarly, the marketing team must understand that account takeover attacks can disrupt the user experience and lead to lost customer loyalty. To do this, marketers should look into instances where account takeover has affected real customers – read their social media posts or listen to their calls or emails to understand how they are being impacted.