How to prevent account takeovers in 5 simple steps

February 5, 2018

Imagine if someone went on a shopping spree with your credit card, but when you called the bank, they didn’t believe that you were you? Users targeted by account takeover attacks face scenarios like this every day.

Read on and learn how to prevent these devastating hacks.

Hackers breach user accounts to commit fraud

Account takeover fraud occurs after cybercriminals gain unauthorized access to user accounts. In some cases, attackers will change essential information like a password, phone number, and postal and email addresses attached to the account. The result: legitimate account holders are locked out.

Victims no longer receive alerts about unusual activity, which delays them in noticing the attack. And when the account holder contacts the company to explain the situation, THEY appear suspicious, because they can’t verify the information associated with their account.

Cybercrooks are always looking for vulnerabilities

All reputable websites take cybersecurity seriously and put measures in place to protect their users. But hackers are constantly searching for weaknesses.

In August 2017, Marketplace illustrated the growing threat of account takeovers with the following case study. Married couple Tiffany and Kevin Bennett shared an account with their phone company. Tiffany received an email informing her that someone had changed the password on the account.

She thought it might have been her husband’s doing but forgot to check with him as it didn’t seem important. A couple of hours later she became suspicious when the text function on her cell phone stopped working. She’d been hacked.

Attackers had acquired the credentials linked to the couple’s cell phone account, logged in, and changed the password before transferring the phone number to another device. They had also gained access to one of the couple’s credit cards and used it in combination with the cell phone account to make purchases totaling hundreds of dollars.

When the credit card company sent a text to the hijacked phone number to ask if everything was OK, the attackers could respond on behalf of the couple to say all was well.

What can be done to secure your accounts?

While there’s no miracle cure for account takeovers, there are several ways to prevent them. Read the five essential tips below to get started.

1. Keep track of your accounts

Keeping an eye on your accounts is never a bad thing. How often you check in on them is up to you, but just being aware of the risk might help you notice if something unusual is going on.

If you get messages about suspicious activity or a changed password, investigate them. If you come across a transaction you don’t recognize, try to remember if you made the payment.

For an extra layer of security, consider doing your online shopping with a low-limit credit card, or a debit card linked to an account with a moderate balance. If an attack is successful, this will limit the damage.

2. Don’t use a public WiFi connection for banking

They’re handy when you’re out and about, but it’s hard for everyday users to verify if public WiFi is safe to use.

Protect your data by turning on your firewall and turning off file and printer sharing. Never enter sensitive credentials for bank accounts and credit cards. And remember, always disconnect from a WiFi hotspot at the end of a session.

A Virtual Private Network (VPN) is super secure and a great investment for people who are often on the go. If you must access your bank account, use your mobile data. While it’s not impossible to hack a 4G connection, it’s a lot harder than hacking public WiFi.

3. Never, ever reuse a password

Use a secure and unique password for every single one of your accounts. If you are using the same password on multiple sites, you present a much easier target for attackers.

Billions of user credentials leaked in previous data breaches are for sale on the Dark Web. Hackers can use these credentials to try to gain access to accounts on other sites, as many people reuse the same password and username. Don’t be one of them.

4. Use multi-factor authentication

There are several ways to add an extra security measure into the identity verification process. One of the most common authentication methods involves codes sent to your cell phone via text message.

While it wouldn’t have protected the Bennetts’ credit card, this approach to multi-factor authentication will keep your account a lot more secure. Attackers typically look for easy targets. But, with a strong, unique password and another factor in play, you’re a long way from being their first choice.

5. For businesses operating online, EyeOnPASS is the answer

From a business perspective, keeping your user accounts safe is key to preserving a good reputation.

A lot of the tips mentioned above apply to companies too. Notify your users about unusual activity, enable multi-factor authentication, and perhaps most importantly, help your users choose secure passwords.

The latter can be achieved quickly and easily with EyeOnPASS, an ever-growing database that makes it easy to stop the use of passwords leaked in third-party data breaches. These credentials should never be reused on your website, and with our help, they won’t.
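
One way a service could act on the advice above to notify users about unusual activity, as an added example that is not from the original post or from EyeOnPASS: flag contact-detail changes that closely follow a password change, and send the warning to the previous contact value so the legitimate holder still sees it. The event schema, field names, sample events and 24-hour window are assumptions.

```python
from datetime import datetime, timedelta

CONTACT_FIELDS = {"email", "phone", "postal_address"}
WINDOW = timedelta(hours=24)  # assumed review window; tune per service

# Constructed audit events (hypothetical schema, not real data).
SAMPLE_EVENTS = [
    {"ts": "2018-02-01T10:00:00", "account": "acct-1", "type": "password_change"},
    {"ts": "2018-02-01T12:05:00", "account": "acct-1", "type": "contact_change",
     "field": "phone", "old": "+1-555-0100", "new": "+1-555-0199"},
    {"ts": "2018-02-01T12:06:00", "account": "acct-1", "type": "contact_change",
     "field": "email", "old": "owner@example.com", "new": "other@example.net"},
    {"ts": "2018-02-03T09:00:00", "account": "acct-2", "type": "contact_change",
     "field": "email", "old": "user2@example.com", "new": "user2@example.org"},
]


def review_events(events, window=WINDOW):
    """Return one alert per contact change, ordered by event time.

    A change that follows a password change on the same account within
    `window` is marked high severity and held for review. Every alert is
    addressed to the *previous* contact value, because a notice sent only
    to the new value would reach whoever made the change.
    """
    last_pw_change = {}  # account -> time of most recent password change
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct = ev["account"]
        if ev["type"] == "password_change":
            last_pw_change[acct] = ts
        elif ev["type"] == "contact_change" and ev["field"] in CONTACT_FIELDS:
            changed = last_pw_change.get(acct)
            risky = changed is not None and ts - changed <= window
            alerts.append({
                "account": acct,
                "field": ev["field"],
                "notify": ev["old"],
                "severity": "high" if risky else "info",
                "hold_for_review": risky,
            })
    return alerts
```
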

The first step to security is understanding that you need to make changes. You’ve already come that far by taking the time to find out more about account takeover fraud and how to prevent it.

Don’t let the cybercrooks succeed. Secure your accounts today.
