SMBs - Beware of Account Takeovers

Account takeover seeks to infiltrate an existing account and use it for the criminal’s benefit.  Cyber threat actors will target any firm from any market segment, so there is no pattern to follow.  Once the criminal accesses the account, they may make unauthorized purchases and cash advances; they may also change account information so that the real owner does not receive notifications from the account.

According to a recent report, account takeover has tripled over a year-to-year comparison, while cybersecurity statistics show that this form of fraud has increased since the pandemic, along with many other forms of fraud.

How Does Account Takeover Work?

Often, the process begins with a phishing email in which the criminal tricks the account owner into clicking on an email or downloading a virus that tracks their credentials.  The email may have a sense of urgency, such as stating that their account will get shut down or become inactive if they do not take immediate action.

Account takeover may be committed on various types of accounts, including online banking and credit card accounts, where the criminal can directly handle the funds in the account.  However, the IRS has also reported that some criminals have hacked tax accounts to file fake tax returns.  Social media accounts are also taken over to attack other social media users.

Differences between Corporate and Personal Account Takeovers

A corporate account takeover is a form of business identity theft in which the criminal steals a business’ online banking credentials, while personal account takeover concerns personal accounts.  Corporate account takeover may take more nuanced forms of theft, such as creating fake employees who are paid on payroll or stealing customers’ information to commit identity theft.  Fortunately, there are several ways that you can safeguard your business, including:

Conduct employee background checks before hiring them - Hiring during the pandemic brings its own unique challenges. You may not even meet with someone in person and may instead conduct all interviews online.  However, you should still run an employee background check on all potential hires and check for any history of fraud or other relevant criminal histories.

Train employees in fraud prevention - Your employees are your first line of defense against fraud.  A robust educational program that helps employees understand various cybercrimes and how they occur can be a particularly effective way of preventing account takeover and other types of corporate identity theft.

Employees should be taught to think critically about each email they receive and whether it makes sense.  Employees should be trained not to open emails from unknown senders, not to respond to requests for credentials, and not to download attachments.

Additionally, train employees on detecting signs that a system may have been compromised, such as not being able to access files or websites, a dramatic reduction in speed, unexpected restarting of the computer, inability to restart a computer or the presence of unusual pop-up messages.

Monitor account activity and statements - Monitor your account activity regularly to identify any suspicious transactions.

Protect all accounting documents - Your accounting documents may provide another potential access point to thieves, so be sure to secure your key accounting documents, along with invoices, signature equipment, and business checks.

Use only approved vendor listings - Maintain a list of approved vendors so that you know which businesses you have an ongoing relationship with.  Carefully check their email addresses, names, and phone numbers to ensure that they are the right company before trusting their emails.

What Is Payment Fraud Prevention?

Payment fraud prevention uses AI to determine if a charge that is being made on an account is different than previous transactions and may possibly be fraudulent.  The AI may use a variety of information to discern which transactions may be fraudulent, such as identifying the device where the transaction is being processed to determine if it is a trusted device, locking out transactions from an IP address that has an unusual amount of activity, or calculating risk scores based on unique algorithms.  Implementing payment fraud prevention methods can potentially help you minimize account takeovers.
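
The three signals named above (a charge that differs from previous transactions, an untrusted device, and an IP address with an unusual amount of activity) can be combined into a simple risk score. The following is an added example, not code from Red Sky Alliance or any payment vendor; the sample records, weights, and thresholds are constructed assumptions, and a plain statistical rule stands in for the AI model.

```python
from statistics import mean, pstdev

# Constructed history for one account: (amount, device_id, source_ip).
HISTORY = [
    (120.00, "dev-laptop-01", "198.51.100.10"),
    (95.50, "dev-laptop-01", "198.51.100.10"),
    (130.25, "dev-phone-02", "198.51.100.10"),
    (110.00, "dev-laptop-01", "198.51.100.10"),
    (105.75, "dev-laptop-01", "198.51.100.10"),
]
# Constructed count of payment attempts per source IP in the last hour.
RECENT_IP_ATTEMPTS = {"198.51.100.10": 2, "203.0.113.77": 40}

# Hypothetical weights and thresholds; a real system tunes these on its own data.
W_AMOUNT, W_DEVICE, W_IP = 40, 30, 30
Z_LIMIT, IP_LIMIT = 3.0, 20
REVIEW_AT, BLOCK_AT = 30, 70


def assess(txn, history, ip_attempts):
    """Return (score, decision, reasons) for one (amount, device_id, source_ip) charge."""
    amount, device, ip = txn
    score, reasons = 0, []

    # Signal 1: amount differs from previous transactions (z-score against history).
    amounts = [h[0] for h in history]
    if len(amounts) >= 2:
        mu = mean(amounts)
        # Floor on sigma avoids division by zero when all past amounts are identical.
        sigma = max(pstdev(amounts), 0.01 * mu, 0.01)
        if abs(amount - mu) / sigma > Z_LIMIT:
            score += W_AMOUNT
            reasons.append("amount outside usual range")

    # Signal 2: device never used on this account (with no history, nothing is trusted).
    if device not in {h[1] for h in history}:
        score += W_DEVICE
        reasons.append("untrusted device")

    # Signal 3: source IP shows an unusual amount of activity.
    if ip_attempts.get(ip, 0) > IP_LIMIT:
        score += W_IP
        reasons.append("high-volume source IP")

    decision = "block" if score >= BLOCK_AT else "review" if score >= REVIEW_AT else "allow"
    return score, decision, reasons


if __name__ == "__main__":
    for txn in [(115.00, "dev-laptop-01", "198.51.100.10"),
                (4800.00, "dev-unknown-99", "203.0.113.77")]:
        print(txn, assess(txn, HISTORY, RECENT_IP_ATTEMPTS))
```

Returning the reasons alongside the score lets whoever reviews a held payment see which signal fired instead of only a number.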

What to Do if your Business Has Already Faced Account Takeover Risks?

You should immediately stop all activity from systems that may be compromised.  Then, immediately notify the financial institution for the account that was taken over. Change the credentials of your compromised account.  If theft has occurred, you may also need to contact authorities and make a police report.

Understanding the potential risks of account takeover can help you potentially avoid the turmoil of someone taking over your business accounts. By following the steps above, you can prevent this particularly impactful form of fraud or minimize it if it has already affected your business.[1]

The installation, updating and monitoring of firewalls, cyber security and proper employee training are keys to blocking attacks, yet utilizing the RedXray and CTAC collection and analysis tools by Red Sky Alliance will ensure a proactive approach to cyber security.  Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or
