Account Takeover Fraud (ATO) occurs when fraudsters obtain customer information, such as usernames and passwords, and use it to access online accounts such as banks, credit cards, social media, and email accounts. increase.
Scammers buy stolen credentials on the dark web, use phishing emails and text messages to obtain information from victims, download information-grabbing malware, and steal information in data breaches. or trick people into revealing information with sophisticated fraudulent phone calls. .
The Financial Industry Regulatory Authority (FINRA) will issue a report in late 2021, saying ATO reporting is on the rise. Reasons for this include the growing number of people conducting all kinds of transactions online, the proliferation of mobile devices and apps, the tendency of consumers to use the same login credentials for multiple accounts, and the growing number of telecommuters increasing security concerns. decline, etc. SpyCloud cites the following stats about ATO:
- Losses in 2021 increased by 90% to a total of $11.4 billion.
- 22% of US adults are victims.
- By 2021, nearly a quarter of North American identity theft-related frauds were ATO-related.
- 64% of passwords exposed in 2021 data breaches were used in ATO attempts, and 70% of passwords compromised in the past are still in use.
FINRA says scammers used ATO to access victims’ online brokerage accounts. Experian cites other fraudulent practices such as ordering and buying new cards from credit card companies, buying new smartphones from mobile operators, redirecting unemployment benefits, and selling information on the dark web.
ATO is often difficult to detect. Red flags that indicate you may be a victim include fraudulent transactions on your account, notices of address or other contact information changes you didn’t initiate, missing account statements, and unfamiliar accounts on your credit report. And so on.
FINRA and BBB offer the following tips to avoid becoming an ATO victim:
- See what you click. The best way to protect yourself from malicious links is to avoid clicking them.
- Please use a strong password. Do not share your password with others, store it on your computer, use different passwords for different accounts, or change your passwords regularly. Consider using a password manager that suggests and stores strong passwords.
- Enable multi-factor authentication (MFA). MFA uses two or more different types of authentication factors, such as passwords and codes sent in text messages, or physical identifiers such as fingerprints, voice, or facial recognition.
- Keep your computer secure. A security software package with antivirus, antispam, and spyware detection is a must when conducting online financial transactions.
- Use your own device to protect it. If possible, avoid using public computers or devices to access your financial accounts. May contain software to retrieve passwords and PINs.
- Stay cyber safe when using Wi-Fi. Many public hotspots, such as wireless networks in airports, hotels, and restaurants, have reduced security settings for ease of use. However, this also increases the chances of someone intercepting your information.
- Review all communications from your financial institution.
- Thoroughly review your account activity and monthly account statements as soon as they become available.
Randy Hutchinson is president and CEO of the Mid-South Better Business Bureau. This column is affiliated with the Better Business Bureau of Central Tennessee and Southern Kentucky.