Account Takeover Attacks: All You Need to Know And How to Stop Them



What is an Account Takeover (ATO)

An account takeover (ATO) also goes by another name: account compromise. Both names are self-explanatory: they describe someone managing to log into an account that isn’t theirs.

As we’ll see below, this can be the work of a lone hoaxer or a full organised crime ring. ATOs range from the basic and innocent to large-scale attacks that steal millions of dollars each year.


ATO is an increasingly costly issue for companies: in 2018, ATO accounted for $4 billion of losses for businesses worldwide. In the e-commerce sector, nearly 40% of all fraud losses in 2018 were due to identity theft and synthetic identities.

And the trend isn’t set to be curbed anytime soon, due to the increase in mobile usage. Javelin’s 2019 Identity Fraud Study saw a 45% increase in mobile ATO between 2018 and 2019, accounting for 679,000 incidents.


Businesses and customers have a lot to lose with each attack. In fact, it is estimated that victims end up paying $263 out of their own pocket to resolve an ATO, not to mention the time, stress, and effort needed to overcome the problem.

While it’s harder for businesses to put a monetary value on ATO losses than with, say, chargeback fraud, that doesn’t mean it’s a victimless crime. ATO drains time and resources and damages a business’s reputation, with very real consequences:

  • Hacks and security issues put a strain on your IT team
  • Support is overwhelmed by requests from customers who need to reclaim their accounts
  • The finance department must fight chargebacks
  • Users turn to competitors due to a loss of reputation and brand trust
  • Stocks can plummet after a publicised breach (dropping down to 7.5% in some cases according to Bitglass research)

Darkmarket value of an account with different providers – Source: TrendMicro

ATO attacks aren’t a new problem. Fraudulent access to customer accounts has always been a concern for financial institutions. The difference is that today they affect any organization with a customer-facing login.
