Clearsale Blog | Insights on Ecommerce and fraud

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Written by Rafael Lourenco | Oct 1, 2020

Account takeover fraud is a huge problem, but most US consumers don’t know about it. Only 36% of US consumers say they are familiar with account hijacking fraud, even though it’s one of the fastest growing types of online fraud. And unlike credit card fraud, a successful account takeover can often allow criminals to exploit multiple accounts belonging to the same victim. Here’s what you need to know to protect your accounts from takeover fraud.

What U.S. consumers know about online fraud

ClearSale commissioned a survey done by Sapio Research of U.S. consumers to learn about their shopping behaviors, preferences and attitudes about online fraud. Over a thousand consumers who shop online at least every few months participated. What they found is that while the majority of online shoppers are aware of credit card fraud and email phishing scams, not even half were familiar with account hijacking, also known as account takeover (ATO) fraud.

The high level of awareness about credit card fraud makes sense. This type of fraud hit 270,000 U.S. victims in 2019, making it the most common type of consumer identity theft. Credit card theft and fraud have been trending up in the U.S. for half a decade, but there was a huge jump in reported card fraud—more than 72%--from 2018 to 2019. In many cases, credit card theft leads directly to online shopping fraud, which more than half of respondents knew about.

High levels of awareness about phishing and email scams are good, too. They’re a sign that corporate and government campaigns to educate people about phishing are working. Despite the widespread awareness among consumers, phishing has been a serious problem for years, especially for businesses and large organizations. One group of threat researchers found that the number of phishing attacks declined by 42% in 2019, but only because criminals are getting better at focusing their attacks on high-value victims. Still, some attacks impersonate familiar brand names to trick consumers into handing over their passwords, so be vigilant.

Then there’s ATO (aka hijacking) fraud. ATO fraud increased 79% from 2017 to 2018 in the U.S., and mobile phone account takeovers increased by 78% from 2018 to 2019—a disturbing trend because so many consumers have email, social media, banking and shopping apps linked to their mobile accounts. With so many of us—even fraudsters—stuck at home for health and safety reasons, online gaming account takeover fraud is growing, too.

This combination of rapid growth and low public awareness means many consumers are at risk for suffering an account takeover attack..

What exactly is account takeover fraud and what makes it so dangerous?

An account takeover happens when someone else gets access to one of your digital accounts. Credit card and bank accounts are the ones people usually think of first, but social media, email, shopping and other accounts can also get hijacked by fraudsters. Once they’re in the account, they can use it to do what they want, whether that’s make purchases online, steal information or deface someone’s social media pages.

There are at least four reasons why ATO fraud is so damaging.

  1. Thieves can get access to your funds and personal information. Even if they don’t crack your online checking account, a fraudster with access to your Facebook account may be able to shop on Facebook with the payment data you have saved there.
  2. Fraudsters can take over more of your accounts if you use the same password on them.
  3. Once a criminal has access to your accounts, they can lock you out by changing the passwords and other contact information.
  4. With enough of your personal and financial information in their control, criminals can open new accounts in your name to commit more fraud.

How does ATO happen and how can you protect yourself?

Most consumers are aware of the dangers of fraud and know to keep their passwords a secret, so how does ATO fraud happen? One major cause is out of the average person’s control, but the other is not.

Data breaches and ATO fraud

Data breaches are a huge source of passwords and other login credentials. When criminals find ways to steal data from companies and government agencies, they resell that information to other criminals, who often use it to hijack accounts. In 2019, more than 164 million records were exposed by data breaches in the U.S., and new breaches are reported every week around the world. There’s not much consumers can do about this trend, but there’s a related step that can limit the damage.

Secure passwords can limit ATO damage

If one of your shopping passwords is exposed in a breach, the fraud might be limited to that account. But most of us make it easy for fraudsters to do worse. More than 84% of us use the same password for multiple accounts. That’s like handing a skeleton key to criminals. They can test your stolen login credentials from one account with all your accounts or with common platforms to see what else they can take over.

So, the first line of defense against ATO for the average person is to use a unique, strong password on every account you have. This means you will need to use a password manager, because you won’t be able to remember then all.

You can also:

  • Consider using two-factor authentication (2FA) on your most sensitive accounts. An authenticator app is more secure than SMS 2FA.
  • Check to see if your passwords have been exposed. The Jumbo app and the Have I Been Pwned website are resources that many tech experts recommend for this purpose.
  • Regularly check your bank statements and sign up for spending alerts.
  • Be careful about following links in emails to login pages. Remember that phishing attacks can arrive via text and voice call, too.
  • Consider signing up for credit monitoring and/or putting a freeze on your credit with the three major reporting agencies.
  • Report suspicious transactions to your bank; report confirmed fraud to the authorities in your area.

Account takeover fraud is a serious and growing problem, but consumers can fight it. With good password practices, caution about unfamiliar links and calls, and regular attention to your account activity, you can reduce your risk of becoming an ATO fraud victim.

Original article at: https://technative.io/account-takeover-fraud/