What is Account Takeover Fraud?

September 30, 2021

Account takeovers are one of the biggest threats facing organizations of all sizes. They happen when cybercriminals obtain legitimate login credentials and then use those credentials to launch further attacks while posing as the account's real owner. Sometimes these account takeovers target financial information, but they are also used to steal sensitive data.

Companies can do their part to protect their infrastructure from credential phishing and BEC (business email compromise) attacks, which often lead to these account takeovers. Alongside technical controls, it's also possible to teach employees good credential hygiene, backed by training on creating strong passwords and using two-factor authentication.

But achieving complete security from account takeover fraud can seem virtually impossible. That's especially true when you consider that the corporate account takeover can sometimes occur through third-party vendors with which a business might have a long-standing relationship.

The good news is that even though fraudulent account schemes are a significant threat, it's possible to prepare for them and mitigate most of the risks.

With that in mind, let's look at the definition of account takeover fraud, how these attacks typically happen, and what steps you can take to prevent account takeover (sometimes spelled account take over) at your company.

What is an Account Takeover?

Account takeover is a term that describes business identity theft that occurs when a bad actor uses employee credentials for a malicious purpose.

One of the main reasons why account takeovers are hard to eliminate is that they take many forms. Attackers are constantly looking for vulnerabilities in enterprise companies, knowing that even a single successful account fraud instance could provide significant rewards. They do this through credential phishing, brute force attacks, password spraying, and various other methods, and even though the approaches differ, they all work toward the same result: a valid credential in the attacker's hands.

Let's explore two different types of account takeovers, and why they're both dangerous to your organization.

Third-Party Account Takeover

The third-party account takeover is one of the hardest to prevent. Since it begins outside of the company, there's no way to eliminate the risk at its source. Companies have to rely on their internal security and risk mitigation processes to ensure that these types of account takeover fraud attempts fail.

In this type of attack, attackers don't attack the target business directly but instead attack a vendor or partner with whom the company works on a regular basis. The trust factor in long-term business relationships can make the typical security measures weaker, allowing invoices or other types of fraud to get through and go unnoticed until it's too late.

When an attacker gains control of a vendor's email account, they often impersonate the vendor to steal money from the target company, typically through invoicing and billing fraud. And because the relationship between the companies is established, it's unrealistic to expect the one person responsible for invoicing to catch the fraud on their own.

In this type of account takeover, the victim might receive a typical email from a vendor that uses the same format and language as their trusted contacts. The email might inform them that the payment details have been updated and that future transfers should be made into a different account. Since the victim is accustomed to working with the vendor and does not think to verify the information, it's very easy to quickly approve the change and end up enabling account fraud to occur.

In another instance, the victim may receive a fraudulent invoice that looks similar or even identical to an invoice they’re expecting from the vendor. Because the cybercriminals have access to the full vendor account, they can create believable invoices, send them as part of an existing email chain, and steal money from their target company before the victims even think to check legitimacy.
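As an added illustration of the payment-change scenario just described (this is not code from the original post or from Abnormal), here is a small triage heuristic a finance or security team could run over vendor email that a mail gateway has already parsed; the field names, the vendor allow-list and the two sample messages are constructed assumptions:

```python
import re

# Constructed sample data, not from the original post; the vendor allow-list and
# field names are assumptions about what a mail gateway or SIEM already parses.
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example"}
PAYMENT_CHANGE_PHRASES = (
    "updated our bank details", "payment details have been updated",
    "new account number", "remit future payments",
)
# Rough IBAN or 8-17 digit account-number matcher, tuned for recall over precision.
ACCOUNT_ID = re.compile(r"\b(?:[A-Z]{2}\d{2}[A-Z0-9]{11,30}|\d{8,17})\b")


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def assess_vendor_email(msg: dict) -> tuple:
    """Return (score, reasons). A score of 2 or more means the change must be
    confirmed with the vendor by phone, using a number already on file."""
    reasons = []
    body = msg["body"].lower()
    sender = domain_of(msg["from"])
    asks_for_change = any(p in body for p in PAYMENT_CHANGE_PHRASES)
    if asks_for_change:
        reasons.append("payment-change language")
    if ACCOUNT_ID.search(msg["body"]):
        reasons.append("bank account identifier in body")
    reply_to = msg.get("reply_to")
    if reply_to and domain_of(reply_to) != sender:
        reasons.append("reply-to domain differs from sender domain")
    # A compromised vendor mailbox replies inside a real thread, so thread context
    # is not evidence of legitimacy: a known vendor changing bank details mid-thread
    # is exactly the message that needs an out-of-band check.
    if asks_for_change and msg.get("in_reply_to") and sender in KNOWN_VENDOR_DOMAINS:
        reasons.append("payment change inside an established thread")
    return len(reasons), reasons


SAMPLE_MESSAGES = [  # constructed examples
    {"id": "m1", "from": "billing@acme-supplies.example", "in_reply_to": "<po-4411>",
     "body": "Hi, confirming PO 4411 ships Friday. Invoice to follow as usual."},
    {"id": "m2", "from": "billing@acme-supplies.example", "in_reply_to": "<po-4411>",
     "reply_to": "billing@acme-supplies-accounts.example",
     "body": "Please note we have updated our bank details. Kindly remit future "
             "payments to account 61200345678 and disregard the previous one."},
]


def triage(messages=SAMPLE_MESSAGES) -> dict:
    """Map message id to score; anything scoring 2 or more is held for verification."""
    return {m["id"]: assess_vendor_email(m)[0] for m in messages}
```

The score is deliberately simple: the point is that a message arriving inside a real thread from a real vendor address still gets held until someone phones the vendor on a number that did not come from the email.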

Internal Account Takeover

The second type that's important to discuss is the internal account takeover. Even though this is easier to protect against, it still requires a comprehensive security strategy to ensure that no part of the company becomes compromised and that any vulnerabilities are resolved before they can be exploited.

One of the most common ways attackers can execute an internal account takeover is through an employee. The overall security systems in large companies are usually robust, so attackers typically rely on the human element and try to get into the company using an employee’s credentials. For instance, if someone clicks on a phishing email or goes to a fraudulent keylogging website, their entire account can be compromised. Attackers can essentially take over the entire account using stolen credentials, gaining full access to sensitive information and other company accounts.

This presents a significant financial danger to the company, as attackers can divert payroll to a fraudulent account and execute various financial operations resulting in massive losses. Luckily, with employee preparation and implementation of best practices, it's possible to prevent internal account takeovers, identity theft, and other attacks from occurring.

How Does an Account Takeover Happen?

Keeping up with the multitude of ways that account takeover can happen can seem all but impossible. Attackers are constantly finding new ways to exploit vulnerabilities, and sound security measures of today may become obsolete tomorrow.

The good news is that even though the methods are changing, they can typically be grouped into a few key categories. Let's explore them below.

Phishing and Spear Phishing

Phishing is one of the oldest methods for gaining unauthorized access to personal information online. It's known for consumer scams such as credit card account takeover, but it can be very devastating for enterprises too. In essence, phishing emails attempt to trick people into transferring money, providing credentials, or sending sensitive information. In corporate communications, phishing emails will mimic vendors, partners, or even fraud notices from financial institutions.

Using urgency and other manipulative methods, these emails encourage users to click through and enter sensitive business information. They can also contain malware that infects the corporate systems and grants access to attackers.

Social engineering is another term often applied to phishing. Attackers typically try to identify a person they could use to gain access, and build trust through various incentives. Once the trust is earned, they can leverage the relationship to get the user to make a mistake or ignore security measures, which can grant access to the attackers. The biggest issue with social engineering attacks is that they can be impervious to most security measures because they rely on human error.

Spear phishing is an even more dangerous form of the same strategy, as it's usually more personalized and targets a specific individual or department. These emails can be very hard to distinguish from real ones, which is why they can be so effective if protection systems are not in place. It’s important to note that psychological manipulation through human interaction is used to trick users into making security mistakes or overriding current protocols.

How Can You Prevent Account Takeovers?

Even though account takeover is very hard to protect against, it's not impossible. With the right strategies and a willingness to consistently improve, any enterprise company can minimize the risk of an account takeover and protect its email accounts from falling into the wrong hands.

The first step to a successful prevention strategy is preparation. You need to:

  • Work with all users who have access

  • Train them to use the security systems in place

  • Educate them on the most critical practices

  • Teach them to spot some of the most common account takeover techniques, especially those involving phishing and social engineering

You should also be willing to invest in the implementation of the current industry-leading best practices and solutions. Whether it's leading software that protects against account takeover or expertise from leading consultants, sometimes the best solution is to embrace today's technology and use it to its full extent against external threats. For example, the Abnormal Security platform offers comprehensive protection against third-party and internal account takeover, using behavioral data science-based AI technology to spot suspicious emails and offering robust protection against even the most advanced email attacks.

Having the right system in place doesn’t just minimize the risk of an account takeover taking place. It can also provide your team with peace of mind, knowing that there's an additional barrier of protection that will block potential threats before they can cause damage.

To learn more about how Abnormal can protect you from account takeovers, schedule a demo today.
