Everything requires an account today, from handling your finances to watching your favorite shows. Between managing all these different accounts and logins, there is no worse feeling than realizing you’ve been locked out of your own account. Or worse yet, that money is missing, or purchases were made without your authorization.
Unfortunately, instances like these are becoming more common than ever due to an uptick in schemes known as Account Takeover Scams. Fraudsters obtain your login information and initiate transactions on your behalf – often without you even realizing it until days or weeks later.
In this article, we’ll dive into how these scams work, how fraudsters obtain your login information, and how you can protect yourself.
What is an Account Takeover?
An account takeover is when a cybercriminal gains access to one of your online accounts and then uses it in your name, steals your money or data, or sells your personal information for a profit. Essentially, a hacker digitally breaks into your account, and everything they do from that point is under your name and finances.
Account takeover scams are a form of identity theft. They can compromise sensitive personal information, including email addresses, passwords, billing and mailing addresses, credit card numbers, and social security numbers.
Beyond accessing your data, these scams can also leave your finances vulnerable. A successful account takeover can result in fraudulent transactions, credit card fraud, or unauthorized purchases from your customer accounts.
Where Can It Happen?
These scams don’t just target your financial institution accounts. They can also affect other types of accounts, including your online store accounts, utility accounts, e-commerce websites, peer-to-peer payment apps, and more.
Commonly targeted account types include:
- Financial Institutions: Likely the first possibility that came to your mind. Attackers can target your credit union, bank, investment, and credit card accounts to steal money or make purchases.
- Retail & Grocery Stores: A bad actor may hijack your online accounts to purchase goods or services under your profile, but then they change the delivery address to their own.
- Peer-to-Peer Payment Apps: Fraudsters may take over your CashApp, Venmo, and PayPal accounts to send money to themselves or someone they know. This scheme is one of the most common because once money is sent from these apps, it can be extremely difficult to get back.
- Utility Accounts: A hacker can access your phone provider account to send messages or make calls using your data and avoid paying for their own. They may also target your internet provider account to use data service under your name.
- Loyalty Accounts: Your travel rewards, such as frequent flyer miles, may be stolen, or gift cards or other rewards may be redeemed without your knowledge.
How Does It Happen?
Most account takeover scams involve a series of small tasks designed to gain access to users’ information and, ultimately, their accounts. Fraudsters have a string of tools at their disposal to achieve their objectives, with phishing being a top choice for many.
Phishing scams impersonate the brands and companies you already do business with and prey on your trust. Fraudsters create and send fake emails or text messages that may appear legitimate at first glance. These messages often persuade you to verify your login credentials, update your payment information, track a package, or confirm your delivery address.
The text or email includes a link that redirects to a fake login portal designed to steal your credentials and any information you enter on the site. These messages may also include an attachment that, if opened, installs malware on your device. Malware can even be embedded on fraudulent sites and automatically download onto your device when you follow the link to the website.
Although the specific strategies can vary, here is an overview of the basic tactics used to execute an account takeover attack:
- Credentials are Compromised: Hackers crack your login information, including emails and passwords, obtain it from a data breach, or purchase it from other bad actors on the dark web.
- Account Details are Modified: Once the fraudster has access to your account, they will begin altering your account details, such as changing your delivery address to theirs and replacing the contact information used for identity verification with their own.
- Account Access is Used or Sold: Once they are in and have updated your details to their own, they can use your account unnoticed by you or the company. Then, they can begin carrying out unauthorized transactions in your name.
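From the service operator's side, these three steps leave a recognizable trail in account activity logs: a login from a device the account has not used before, followed by changes to contact or delivery details, followed by a transaction. The Python code below is an added example, not part of the original article; the event names, device IDs, 24-hour window, and log records are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Hypothetical event names; a real system would map its own log fields to these.
DETAIL_CHANGES = {"change_email", "change_phone", "change_address"}
TRANSACTIONS = {"purchase", "transfer"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample log: (timestamp, account, event, device)
EVENTS = [
    ("2024-05-01T09:00", "alice", "login", "dev-A"),
    ("2024-05-01T09:05", "alice", "purchase", "dev-A"),
    ("2024-05-03T02:10", "alice", "login", "dev-X"),          # unrecognized device
    ("2024-05-03T02:12", "alice", "change_email", "dev-X"),   # details modified
    ("2024-05-03T02:13", "alice", "change_address", "dev-X"),
    ("2024-05-03T02:20", "alice", "purchase", "dev-X"),       # access used
    ("2024-05-02T18:00", "bob", "login", "dev-B"),
    ("2024-05-04T18:00", "bob", "login", "dev-C"),            # new phone, no changes
    ("2024-05-04T18:30", "bob", "purchase", "dev-C"),
]

def detect_takeover(events, window=WINDOW):
    """Return (account, device, stage, changes) for sessions reaching stage 2+.

    Stage 1: login from a device not seen before on this account.
    Stage 2: contact or delivery details changed in that session.
    Stage 3: a transaction follows the detail change.
    """
    known = {}     # account -> devices already seen
    sessions = {}  # (account, device) -> tracking state for a suspicious session
    for ts, acct, kind, dev in sorted(events):
        t = datetime.fromisoformat(ts)
        devices = known.setdefault(acct, set())
        if kind == "login":
            # The first device ever seen is treated as the account's baseline.
            if devices and dev not in devices:
                sessions[(acct, dev)] = {"start": t, "stage": 1, "changes": []}
            devices.add(dev)
            continue
        s = sessions.get((acct, dev))
        if s is None or t - s["start"] > window:
            continue  # activity on a known device, or outside the window
        if kind in DETAIL_CHANGES:
            s["stage"] = max(s["stage"], 2)
            s["changes"].append(kind)
        elif kind in TRANSACTIONS and s["stage"] >= 2:
            s["stage"] = 3
    return sorted((a, d, s["stage"], s["changes"])
                  for (a, d), s in sessions.items() if s["stage"] >= 2)
```

A new device alone (bob's case) is not flagged; it is the combination with changed contact details that distinguishes a takeover from a customer who simply bought a new phone.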
How Can I Prevent It?
First and foremost, rest assured that the credit union is safe, and your accounts are well-protected. Multiple internal processes are in place to ensure the safety and security of members’ accounts and personal information.
Most scams, including account takeover scams, originate from actions the victim takes unknowingly. Phishing attacks are becoming increasingly convincing every day, making it crucial to stay in the know and safeguard your finances and other accounts.
Here are some actions you can take to shield yourself from cybercriminals:
- Install Virus & Malware Protection: Ensure you install virus and malware protection on all your devices, including computers, phones, and tablets. Always keep these protections up to date.
- Do NOT Share Personal Information: NEVER share personal or account information with anyone for any reason, especially not through email, text, or on social media platforms.
- Set Strong Passwords: As easy and tempting as it may be, avoid using the same or similar variations of passwords across multiple accounts. This practice makes it much easier for fraudsters to crack your credentials and access multiple accounts. Instead, set strong passwords that use a combination of upper- and lower-case letters, numbers, and symbols and avoid dictionary words. Consider setting up a password manager that functions across all your devices to help you keep track and simplify your sign-in processes.
- Enable Multi-Factor Authentication: Ensure you have multi-factor authentication enabled on every account for which it is available. Multi-factor authentication (MFA) uses an additional form of verification, such as a time-sensitive code or biometric data like a fingerprint or facial recognition, before providing access to your account.
- Contact Directly: If you’re ever in doubt that any communication you receive from a brand or company is legitimate, contact them directly. Don’t use the contact information listed in the questionable email or text you receive. Instead, search the company online, go to their official website, and use the contact information listed.
We’re Here to Help!
While the credit union maintains top-level security for all member accounts, cybercriminals are always looking for new victims to prey upon. Most scams begin with people unknowingly clicking a fraudulent link in an email or text. Understanding how these scams work and being proactive with your devices’ security and passwords are some of the best ways to protect yourself.
If you suspect you were targeted by a scam or have been a victim of fraud, contact us immediately. Our team is here to support you and guide you through any issues or concerns. Please stop by any of our branch locations or call 800-782-4899 to speak with a team member today.
Each individual’s financial situation is unique and readers are encouraged to contact the Credit Union when seeking financial advice on the products and services discussed. This article is for educational purposes only; the authors assume no legal responsibility for the completeness or accuracy of the contents.