Learn About Account Takeover Fraud

Hacker using card to steal identity
•••  Towfiqu Photography/Getty Image 

Financial identity theft in the form of account takeover fraud generally means using another person's account information, such as a credit card number, to obtain products and services using that person’s existing accounts. It can also mean extracting funds from a person's bank account, and it usually involves changing the account's login credentials or personal information.

How Account Takeover Fraud Occurs

Thieves can get ahold of account numbers in many ways, including online hacking, stealing mail or finding it in the trash, lifting wallets, and ATM and card reader skimming. Once the thieves obtain the account data, they may use the information right at a point of sale or access individual accounts online, over the phone, or through the postal service.

Victims are often the first to detect account takeover when they discover charges on monthly statements they did not authorize or funds depleted from existing accounts.

What's Fueling Account Takeover Fraud

Account takeover fraud remains a serious threat, and there are many factors that are fueling it's growth. They include:

  • The dark web: This part of the internet isn't indexed by search engines, so it's prime for criminal activity such as the buying and selling of stolen financial account data.
  • Data breaches: As large-scale data breaches continue to happen, people's account information, including usernames and passwords, are exposed to the dark web.
  • New financial offerings: While services such as Venmo, PayPal, and other digital money transfer services gain popularity, they also offer thieves more ways to attack.
  • Social engineering: Tricking people into giving up their confidential information by making them think their communicating with trusted sources via email, phone, or other methods is a growing trend in fraud.
  • Password security: Many people reuse their passwords and create easy-to-guess passwords, making it easier for hackers to access their accounts. On top of that, some companies only protect accounts with one type of authentication, such as only a username and password, instead of using multiple safeguards.

Preventing Account Takeover Fraud

There are some things that people can do to protect themselves against account takeover fraud.

  • Change your passwords often and avoid using the same passwords on multiple accounts.
  • Use multi-factor authentication when given the option.
  • Monitor your financial accounts and credit report and report suspicious activity immediately.
  • Don't use public Wi-Fi for banking or other important activity, and if you have to, then use a VPN when possible.
  • Don't share important personal information (Social Security number, birthday, etc.) if someone asks for it.
  • Lock your mailbox if possible and collect your mail frequently.
  • Shred mail and important documents before discarding them, and lock up sensitive documents that you must keep.
  • Don't carry your Social Security card in your wallet.

If You're a Victim of Account Takeover Fraud

If you notice suspicious charges on any of your accounts, get locked out of them, or have another reason to believe you might be a victim of account takeover, then the best place to start is the Federal Trade Commission's IdentityTheft.gov website.

The site was created to not only report any identity theft, but to help you make a recovery plan to help you resolve it as quickly as possible. It'll also help you put that plan into action with instructions, pre-filled forms, and letters. The online tool will walk you through everything you need to do.

Article Sources

  1. Experian. "Account Takeover Fraud." Accessed Jan. 26, 2020.

  2. Jumio. "The Harsh Reality of Account Takeover [Infographic]." Accessed Jan. 26, 2020.

  3. USA.gov. "Identity Theft." Accessed Jan. 26, 2020.

  4. Federal Trade Commision. IdentityTheft.gov. Jan. 26, 2020.