Cybercriminals use various tactics to gain access to your personal and financial accounts, often with the goal of stealing money or personal information. Often, they gain your login credentials and change your password to lock you out – a crime known as an “account takeover.” Being aware of this type of crime may keep you from becoming a victim.
Account takeovers allow criminals to gain complete access to an account. From there, they can transfer money to themselves, redirect payroll deposits, or pretend to be that person on social media.
For victims, account takeovers can lead to significant financial losses and a loss of personal identifying information, which can lead to identity theft. When account takeovers happen on social media, the scammer – pretending to be the victim – may try to get “friends” or connections to send money or disclose other information.
According to the
Internet Crime Complaint Center (IC3), criminals that seek access to your personal and financial accounts can achieve their goals using several methods:
- Taking advantage of a consumer’s weak passwords and/or the lack of two-factor authentication. Multifactor authentication (MFA) is a security enhancement that requires you to present two pieces of evidence to log in to an account. Beyond just something you know (such as your password), you generally must also demonstrate something you have (such as a phone) or who you are (such as a fingerprint or face scan).
- Phishing for personal information using a legitimate-looking email to trick consumers into disclosing login credentials. Scammers also use bogus websites that may appear to be a consumer’s online bank portal or payroll website.
- Deploying social engineering tactics by pretending to be an employee of a consumer’s bank, customer service representative from a company they do business with, or a tech-support or computer-repair professional.
- Obtaining data breach information available on the dark web to gain a consumer’s login credentials.
- Installing malware (malicious software) on a consumer’s device. Consumers can unknowingly download malware by clicking on suspicious links and pop-up advertisements or by opening suspicious email attachments. There are many types of malware, including viruses, adware, ransomware, and spyware. This malware could infect a computer, spread to other computers, show consumers unwanted advertisements, lock up their device, and even capture personal information stored on their device.
Experts at
IC3.gov recommend the following tips to prevent account takeover fraud:
- Be mindful of the information you share online, especially on social media platforms. Through oversharing, consumers might be helping scammers to guess their passwords or the answers to password-reset security questions.
- Keep a close tab on your financial accounts, including bank, investment and credit card accounts. Examine these resources for potential problems, such as a missing deposit or an unauthorized withdrawal.
- Be sure to use unique, complex passwords or hard-to-guess passwords for each account, and make sure that two-factor authentication is enabled on accounts that allow this extra security mechanism.
- Maintain links to your favorite account websites to avoid visiting fraudulent login pages. Fraudulent logins may be found when using internet search results or advertisements to help connect to your accounts.
- Guard against impostor bank employees, customer-service reps, and tech-support professionals. Remember that scammers can spoof the caller ID information you see on your phone using readily available technology. Rarely do legitimate companies contact consumers out of the blue to request their login/password or one-time security/access code.
In addition, be vigilant and never allow a stranger “remote access” to any of your devices. Some scammers try to gain access to your account by posing as technical-support companies and try to persuade you to let them “fix” your computer by accessing it remotely through special software and/or websites. Once access is gained, however, the scammer may install malware or hold the computer hostage until you send money to regain control.
For more information, including what to do if you’re a victim of account takeover fraud,
click here.
Consumers who suspect a scam or an unfair business practice should contact the Ohio Attorney General’s Office at
www.OhioProtects.org or 800-282-0515.