Account Takeover – Things To Do If You Are The Victim

According to a research report published in 2017, there were around 16.7 million internet crime victims in the U.S. alone. In the last few years, cyber-fraudsters have started engaging in identity theft schemes and account takeovers. The latest annual data confirms that an average of $263 is lost per individual in cases of account takeover fraud.

What Is Account Takeover?


Account takeover fraud is related to identity theft: fraudsters gain access to a user’s online credentials, credit card details, etc. Common targets of such malicious practices include bank accounts, credit cards, and email accounts.

We live in a digitally connected world, where both consumers and merchants have benefited from streamlined access. Technology has advanced, but this record keeping and communication also serve as multiple entry points for cyber adversaries. Every year the percentage of this type of cyber-crime increases at an alarming rate. Major companies like PayPal deal with thousands of such account takeover frauds every year.

How Does An Account Takeover Take Place?


The online fraudsters pose as the real owners of the account, then change the account details and make a purchase, withdraw funds, or use the stolen information to gain access to big accounts or trade the details for money.

There are various methods used to carry out this attack. Some of these include spam emails containing malware links, phishing through texts or emails, address abuse, and credential cracking.

If you analyse the risks, when a user loses the credentials to a single account, it can have a cascading effect that leaves the user’s other accounts vulnerable to these threats too. There have been instances where, after a successful breach, customers have lost all their hard-earned money.

How To Prevent An Account Takeover Attack And Not Be A Victim?


Before you become a victim of such an attack and lose your confidential data to hackers, it’s always better to adopt some preventive controls so that you don’t fall prey to such malicious attempts:

  • Biometrics: A security solution that uses an individual’s physical or behavioural traits, such as face, fingerprint or retina detection. The process evaluates these details to verify your identity. Biometrics has proven to be an ultimate measure to protect your identity.


  • Using different credentials for different accounts protects you from an account takeover. It is a preventive measure you can take yourself.


  • Keeping an eye on bank/credit card statements: Balance your credit card statements regularly. Whenever suspicious activity is noticed, report it to the bank immediately.


  • Use of a password manager is suggested. Products like LastPass, Dotline provide you with complex usernames and passwords. These services generate unique passwords which are not easy for hackers to guess.


  • Use of social media: Share as little personal information as possible on social media accounts. Your phone number, email address, and birthdate should be visible only to friends and family.


We Hope You Follow The Above Preventive Steps, But Here Are The Things To Do If You Are The Victim:


  • File a complaint with authorities: Documenting the crime with the local police is the first step. Make a note of the investigation report number for future reference. Then you can contact other law enforcement agencies.


  • Set a fraud alert on your account: Yes, your account has been compromised, but it’s of utmost importance to prevent subsequent theft. Put a fraud alert on your credit cards and other online banking services. This will stop the fraudsters from opening your account and escalating the attack further. File reports with credit bureaus for any inaccurate information.


  • Change your passwords or PIN immediately for the compromised account: As soon as you learn of your account takeover, quickly change the password for the compromised bank account and related credit card accounts. One of the significant mistakes consumers tend to make is using the same login credentials on an array of accounts.


  • Review & update fraud prevention policies: If employees of your organisation have been victims of account takeover, the first thing to do is to prevent it from cascading. Review and update the fraud prevention policies of your organisation as soon as possible.


  • Different passwords for different accounts: Immediately set different passwords for different accounts. The fraudsters need only a single weak link to break the entire chain. Using the same passwords for PayPal, banks, other credit cards and online accounts makes you highly vulnerable.


  • Communication: Education, awareness and training are the keys to preventing phishing, but if it has already taken place, the first thing to do is to communicate it within the organisation (to avoid any panic amongst employees) and to report it to the authorities. This is even required by law in many countries and will safeguard you from many legal issues and regulatory fines.
