Account Takeover Attacks: All You Need to Know and How to Stop Them

EBOOK

If you had been following Mark Zuckerberg on Pinterest in 2016, you might have noticed something strange. Overnight, his name was suddenly changed to “Hacked By OurMine”.

His bio then read: “Don’t worry, we are just testing your security”.

The changes didn’t last long, but the message couldn’t have been clearer: even the CEO of one of the most famous tech companies in the world couldn’t prevent a takeover of his account – a.k.a. an ATO attack – reportedly because he had reused a password that was already circulating in an earlier breach dump. So what does that say about your own security? And how exactly can you stop account takeover attacks from damaging your business reputation?

We’ve put all the answers in our downloadable guide. Here’s the kind of info you’ll find in it.

How Much Damage These Attacks Can Do

According to Javelin, every victim of an account takeover attack ends up paying roughly $263 out of their own pocket. Think for a second about how damaging this is for your business reputation, long-term strategy, and customer service.

Then of course there is the time and resources lost trying to recover the accounts. 

  • IT and support teams can become overwhelmed.
  • The finance department must fight chargebacks.
  • Users turn to competitors and leave bad reviews online.

These aren’t just theoretical consequences. According to BitGlass, if a publicly-traded company suffers an account takeover attack that leads to a data breach, its stock price can fall by as much as 7.5%.

Is Your Vertical Safe?

One of the biggest misconceptions about account takeover attacks is that they only affect online wallets. While fraudsters will spend more resources on accounts that give instant access to cash, there’s value in every account.

Here are some account prices you may find, as advertised by resellers on the darknet.

Darkmarket value of an account with different providers – Source: TrendMicro

This means that fraudsters, or hackers, will stop at nothing to obtain your users’ login details including username and password. But how do they do it exactly? The answer is also in our guide.

Breaking Down an ATO Attack

Our downloadable guide offers an in-depth explanation of what account takeover attacks are, along with a concrete example of how fraudsters can perform them. We’ll look at the channels fraudsters go through, and the technology used so you can get a better understanding of how to protect your business. These include:

  • Lax password protection: some fraudsters simply try lists of common weak passwords against many accounts until one lets them in.
  • Brute force: automated tooling that throws large numbers of candidate passwords at an account until one works.
  • Phishing: one of the most efficient methods is good old social engineering, also known as phishing. It involves contacting targeted users directly and tricking them into handing over their personal information or credentials. Some advanced variants use audio deepfakes to convince victims they are speaking to someone they trust.
  • Malicious software: keyloggers and other malware can be installed on a victim’s computer and send captured passwords back to the fraudsters.
  • SIM hijacking: or SIM swapping, an increasingly common technique where fraudsters pretend to be the phone number’s owner and ask the operator to move the number to a SIM card they hold. It’s a form of identity theft: every SMS one-time code and password-reset link sent to that number, and therefore every account tied to it, now lands with the attacker.

In short: there’s no shortage of options for fraudsters who are determined to get hold of someone’s account. So how do you protect your business and your users?

The Solutions: 10 Tips for Your Users

When it comes to protecting user accounts, educating people about their value and the best practices to follow is key. Our guide gives you 10 tips you can give to your users that will drastically improve security from their end.

The Solutions: 10 Tips for Businesses

The last section of the guide goes into technical details about fraud prevention tools and software you can deploy to monitor three key points:

  • The signup stage.
  • The login stage.
  • The withdrawal or checkout stage (especially if your business is a fintech, eCommerce, financial institution, or acts as a digital wallet).

We’ll also break down some concepts such as dynamic login security, device fingerprinting, and velocity rules (thresholds on how many events of one kind a user, IP address or device generates within a time window).
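As an added illustration of what a velocity rule at the login stage looks like in practice (this is example code written for this page, not SEON’s product or the guide’s own material), the script below runs three rules over a constructed stream of login events: repeated failures against one account, one IP address touching many distinct accounts, and a successful login from a never-seen device fingerprint right after a burst of failures. The thresholds, window sizes, field names and sample events are all assumptions chosen for the demonstration.

```python
# Added example (not SEON's code): three velocity rules run over a constructed
# stream of login events. Thresholds and field names are illustrative assumptions.
from collections import defaultdict, deque

# Assumed thresholds; tune per service from your own baseline traffic.
FAIL_WINDOW_S = 60          # window for failures against one account
MAX_FAILS_PER_ACCOUNT = 5   # >= this many failures in the window -> BRUTE_FORCE
SPREAD_WINDOW_S = 300       # window for accounts touched by one IP
MAX_ACCOUNTS_PER_IP = 10    # >= this many distinct accounts -> CRED_STUFFING


class VelocityMonitor:
    """Stateful, streaming evaluation: feed events in timestamp order."""

    def __init__(self):
        self.fails_by_account = defaultdict(deque)   # account -> deque[ts]
        self.hits_by_ip = defaultdict(deque)          # ip -> deque[(ts, account)]
        self.devices_by_account = defaultdict(set)    # account -> {device fingerprint}
        self.flagged_ips = set()

    @staticmethod
    def _expire(dq, now, window, ts_of):
        # Drop entries older than the window from the left of the deque.
        while dq and now - ts_of(dq[0]) > window:
            dq.popleft()

    def process(self, ev):
        """Return a list of (rule, subject) alerts raised by this one event."""
        alerts = []
        now = ev["ts"]

        # Rule 1: repeated failures against a single account (brute force / dictionary).
        fails = self.fails_by_account[ev["account"]]
        self._expire(fails, now, FAIL_WINDOW_S, lambda t: t)
        if not ev["success"]:
            fails.append(now)
            if len(fails) >= MAX_FAILS_PER_ACCOUNT:
                alerts.append(("BRUTE_FORCE", ev["account"]))

        # Rule 2: one IP spraying many distinct accounts (credential-stuffing signature).
        hits = self.hits_by_ip[ev["ip"]]
        self._expire(hits, now, SPREAD_WINDOW_S, lambda h: h[0])
        hits.append((now, ev["account"]))
        if (len({acct for _, acct in hits}) >= MAX_ACCOUNTS_PER_IP
                and ev["ip"] not in self.flagged_ips):
            self.flagged_ips.add(ev["ip"])
            alerts.append(("CRED_STUFFING", ev["ip"]))

        # Rule 3: a success from a never-seen device right after failures on that
        # account is the moment an attacker actually gets in; step-up auth here.
        if ev["success"]:
            known = self.devices_by_account[ev["account"]]
            if known and ev["device"] not in known and fails:
                alerts.append(("NEW_DEVICE_AFTER_FAILURES", ev["account"]))
            known.add(ev["device"])
        return alerts


def run_monitor(events):
    """Run all events through one monitor; return every alert in order."""
    mon = VelocityMonitor()
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        alerts.extend(mon.process(ev))
    return alerts


def build_sample_events():
    """Constructed sample traffic (not real logs): one legitimate login, a brute-force
    burst ending in a takeover, and a credential-stuffing sweep across 12 accounts."""
    ev = [{"ts": 0, "ip": "192.0.2.10", "account": "alice",
           "success": True, "device": "fp-alice-laptop"}]
    for i in range(5):
        ev.append({"ts": 1000 + 10 * i, "ip": "203.0.113.5", "account": "alice",
                   "success": False, "device": "fp-attacker"})
    ev.append({"ts": 1050, "ip": "203.0.113.5", "account": "alice",
               "success": True, "device": "fp-attacker"})
    for i in range(12):
        ev.append({"ts": 2000 + 5 * i, "ip": "198.51.100.77", "account": f"user{i:02d}",
                   "success": False, "device": f"fp-bot-{i}"})
    return ev


if __name__ == "__main__":
    for rule, subject in run_monitor(build_sample_events()):
        print(f"{rule:<26} {subject}")
```

Note the design choice in rule 3: a velocity counter on its own only tells you an attack is under way; combining it with the account’s device history tells you whether it succeeded, which is where a step-up challenge (or a forced logout and password reset) pays off. In production you would key the same counters by subnet or ASN as well as by single IP, since attackers rotate addresses.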

How SEON Can Help Prevent Account Takeover Fraud

At SEON, we’ve built a number of account takeover fraud prevention features into our platform. We also took great care to put user experience front and centre, reducing the processing time to a minimum while allowing you to leverage:

  • Powerful device fingerprinting: This lets you generate browser and device fingerprint IDs, which help you track users across incognito browsing, emulators, and VPNs. Thousands of data points are collected and compared to identify bad users – even after they reinstall or update their browser.
  • Predictive Scoring: Combine machine intelligence with human insights. Let the machine-learning generate precise scores for ATO risk, and stay in control to improve catch rates and reduce false positives over time.
  • Whitebox Machine Learning: SEON’s algorithm learns from your ATO patterns and retrains itself numerous times a day. You get results via human-readable rule suggestions with specific accuracy percentages, where rules are the branches and parameters are the nodes of a decision tree.
  • Behaviour Analytics: Collect and screen complete customer activity on your website via API. You can enable specific algorithms for login, checkout, and even signup to prevent ATO at the earliest point possible.
  • And much more…

Fraud managers from any vertical can instantly leverage our customisable widgets and collaboration tools, whether they work alone or as part of a team. Best of all, you can rest assured your loyal users and customers are protected without making your services harder to enjoy through unnecessary friction.

To learn more about ATO attacks and our solution for stopping them, please download our guide today.
