Account takeover fraud (ATO) happens when crooks obtain customer information such as user names and passwords and use it to gain access to online accounts, which could include bank, credit card, social media and email accounts.
The crooks may buy stolen credentials on the dark web, use a phishing email or text message to get the information from the victim or download malware that captures it, steal it in a data breach, or trick people into revealing it through sophisticated scam phone calls.
The Financial Industry Regulatory Authority (FINRA) issued a bulletin in late 2021 saying it’s receiving an increasing number of reports of ATO. Reasons include people performing more transactions of all kinds online, the proliferation of mobile devices and apps, the tendency for consumers to use the same login credentials across multiple accounts, and lapses in security due to more people working from home. SpyCloud cites these statistics on ATO:
- Losses increased 90% in 2021, totaling $11.4 billion.
- 22% of U.S. adults have been victims.
- Nearly a quarter of identity-theft related fraud in North America was related to ATO in 2021.
- 64% of passwords exposed in 2021 data breaches were used in ATO attempts and 70% of passwords compromised in the past are still being used.
FINRA says crooks have used ATO to gain access to victims’ online brokerage accounts. Experian cites other fraudulent activities such as ordering a new card from your credit card company and using it to make purchases,…
