SME horizon

Protecting yourself from account takeover


Research by Digital Shadows showed that more than 24 billion exposed credential pairings are available for sale online. That is a 65 per cent increase from 2020, probably due to more sophisticated malware and social engineering, as well as improved credential sharing.

With passwords such as ‘123456’ still accounting for more than one hundred million exposed cases, account takeovers are bound to continue.

However, there are ways to avoid them, which we will cover later in the article. First, let’s consider whether account takeover (ATO) is something that everyone really has to worry about.

Account takeover: how it happens

ATO attacks are somewhat similar to burglary. Fraudsters or hackers either crack your password using special software, just as burglars force the door of a building, or obtain it from you through social engineering and dedicated malware.

Then they change the password so that you can no longer log into your account. Unlike a burglary, you can lose all your sensitive information as well as your money at once. Once online fraudsters have taken everything they want from your accounts, they might sell the accounts on the dark web as part of a database of compromised accounts.

The most common types of account takeover attack used to steal your credentials are:

Social engineering 

These attacks typically use phishing emails that appear to come from a service or organisation you are expected to trust, such as your bank, a broker, or a payment system. The email is designed to trick you into handing over personal information, including logins and passwords.

Social engineers might also call you (that’s called vishing) and pretend to be bank representatives or customer service workers of some of the services you use. Then they attempt to trick you into giving them your login credentials or other sensitive information.

Malware

It is easy to download malware by accident. It may look like just another message from a client with an attached file, or like the file of a book you have been wanting to read.

However, once you open it there is almost no way back: the program can encrypt all the files on your computer and lock you out of your system. Typically, the only way to decrypt the files and regain access is to pay a hefty ransom.

Automated attacks

This type of ATO attack involves brute-forcing passwords; credential stuffing, where credentials obtained from an attack on one service are used to log into other services; and password spraying, where a few common passwords are tried against many different accounts.
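From the defender's side, the three automated patterns above leave distinct traces in an authentication log: brute force is one source failing repeatedly against one account, while spraying and stuffing both show one source failing once or twice against many accounts. The script below is an added example written for this article, not OctaFX's code or tooling; it classifies constructed sample events (the log format, IP addresses, usernames and thresholds are all assumptions) and also flags a success that follows guessing from the same source, which is the point at which a takeover has most likely happened. Because a log does not record the password that was tried, spraying and stuffing cannot be told apart from the log alone, so the example reports them as one pattern.

```python
"""Classify failed-login patterns in authentication logs (added example, not OctaFX code)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample events for this example; not real log data.
# Line format assumed here: "<ISO-8601 UTC timestamp> <source IP> <username> <FAIL|SUCCESS>"
SAMPLE_LINES = (
    # One source hammering a single account, then getting in: brute force.
    [f"2024-01-15T10:00:{i:02d}Z 203.0.113.5 alice FAIL" for i in range(12)]
    + ["2024-01-15T10:00:12Z 203.0.113.5 alice SUCCESS"]
    # One source trying many accounts once each: spraying or stuffing.
    + [
        "2024-01-15T11:00:00Z 198.51.100.7 bob FAIL",
        "2024-01-15T11:02:00Z 198.51.100.7 carol FAIL",
        "2024-01-15T11:04:00Z 198.51.100.7 dave FAIL",
        "2024-01-15T11:06:00Z 198.51.100.7 erin FAIL",
        "2024-01-15T11:08:00Z 198.51.100.7 frank FAIL",
        "2024-01-15T11:10:00Z 198.51.100.7 grace FAIL",
    ]
    # A user mistyping twice before succeeding: benign, must not be flagged.
    + [
        "2024-01-15T12:00:00Z 192.0.2.9 alice FAIL",
        "2024-01-15T12:00:20Z 192.0.2.9 alice FAIL",
        "2024-01-15T12:00:40Z 192.0.2.9 alice SUCCESS",
    ]
)


def parse_event(line):
    """Parse one log line into a dict; raises ValueError on malformed input."""
    ts, src, user, outcome = line.split()
    if outcome not in ("FAIL", "SUCCESS"):
        raise ValueError(f"unknown outcome: {outcome!r}")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": src,
        "user": user,
        "ok": outcome == "SUCCESS",
    }


def analyse(lines, bf_threshold=10, spray_min_accounts=5, spray_max_per_account=2):
    """Return a list of findings, one per suspicious source or takeover event.

    The thresholds are illustrative assumptions; tune them to your own traffic.
    """
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])

    # Pass 1: count failures per (source, username).
    fails = defaultdict(lambda: defaultdict(int))
    for e in events:
        if not e["ok"]:
            fails[e["src"]][e["user"]] += 1

    findings, flagged = [], {}
    for src, per_user in fails.items():
        top_user, top_count = max(per_user.items(), key=lambda kv: kv[1])
        if top_count >= bf_threshold:
            flagged[src] = "brute_force"
            findings.append({"pattern": "brute_force", "source": src,
                             "accounts": [top_user], "failures": top_count})
        elif len(per_user) >= spray_min_accounts and top_count <= spray_max_per_account:
            # Logs do not carry the guessed password, so spraying (one password,
            # many accounts) and stuffing (leaked pairs) look the same here.
            flagged[src] = "password_spray_or_stuffing"
            findings.append({"pattern": "password_spray_or_stuffing", "source": src,
                             "accounts": sorted(per_user), "failures": sum(per_user.values())})

    # Pass 2: a success from a flagged source, after failures against the same
    # account, means the guessing most likely worked.
    seen = defaultdict(int)
    for e in events:
        key = (e["src"], e["user"])
        if not e["ok"]:
            seen[key] += 1
        elif e["src"] in flagged and seen[key] > 0:
            findings.append({"pattern": "suspected_takeover", "source": e["src"],
                             "accounts": [e["user"]], "failures": seen[key]})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LINES):
        print(f"{f['pattern']:27} {f['source']:14} accounts={f['accounts']} failures={f['failures']}")
```

Run on the sample, the script reports brute force and a suspected takeover for the first source, a spray-or-stuffing pattern for the second, and nothing for the user who mistyped twice. The per-source grouping is the simplest view; a distributed campaign that rotates source addresses needs the same counts grouped per account instead.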

Cyber attacks 

Hackers might exploit vulnerabilities in applications and websites to obtain their user databases, including logins and passwords. They then either sell the databases on the dark web or use them themselves.

Five tips from OctaFX on how to protect your accounts from takeover

OctaFX security experts have come up with several important rules that every internet user must follow to protect their accounts from cyber attacks:

Preventive measures against a potential ATO attack

Don’t panic. If you received a message indicating that someone is trying to log into your account, check its login history and the devices that have access to it, if such information is available.

If anything seems suspicious, or you know for certain that it was not you who accessed the account, change your password immediately. Check carefully whether any of your information has been altered or removed, and try to recover it.

Four steps to take after an ATO attack

An account takeover is something anyone may encounter at some point in their internet life. Following the above rules significantly reduces the risk of becoming a victim of ATO and losing all your most important accounts at once.
