3 Effective ways to prevent account takeover attacks

July 23, 2020

Year after year, the number of reported data breaches keeps soaring. In fact, 8.4 billion records were exposed in the first quarter of 2020 alone, which is a 273% jump from the 4.1 billion records exposed in the first half of 2019. However, despite these alarming statistics, many users continue to have poor cyber hygiene habits, such as reusing passwords across multiple accounts. The problem is that if a user’s login credentials are exposed in a data breach, then cybercriminals can easily use those credentials to launch multiple account takeover (ATO) attacks.

What is account takeover?

Also known as account compromise, ATO happens when a fraudster gains control over a legitimate online account, such as a social media, an email, an eCommerce, or an online banking account.

Typically, fraudsters use stolen login credentials to access an account and change the password to lock the true account holder out. They also change the associated shipping address and other account details so that they could conduct unauthorized transactions. For example, they could use the loyalty points or credit card information connected to that account for their own benefit. They could also sell that account or the personal information scraped from it to other bad actors.

Further reading: How hackers steal your passwords

Imagine the damage fraudsters could do if they take over a business or high profile account. In mid-July, the verified Twitter accounts of billionaires Elon Musk, Jeff Bezos, and Bill Gates were hacked and used for a Bitcoin scam. Some of these hacked accounts were used to tweet requests for donations in cryptocurrency. More specifically, Bill Gates’ account was used to send out the tweet, “Everyone is asking me to give back. You send $1,000, I send you back $2,000.”

How do you prevent account takeover?

1. Train your employees to practice good cyber hygiene habits
When it comes to cybersecurity, many experts say that humans are the weakest link, with 78% of them claiming that employee negligence is the biggest threat to the cybersecurity of businesses. That’s why it’s important to teach your staff the different cyberattacks to watch out for and instill in them good cyber hygiene habits, such as:

  • Using a reputable anti-malware software
  • Creating unique, strong passwords for every account
  • Installing software updates and patches regularly
  • Thinking twice before clicking links or downloading attachments
  • Being careful about sharing personal information online
  • Backing up files regularly

2. Have your IT admins implement multifactor authentication
Aside from using strong passwords, a great way to secure your online accounts is to use multifactor authentication (MFA). MFA is a security system that allows account access only after users have provided two or more pieces of evidence (e.g., one-time PIN sent via SMS, fingerprint scan, or payment card security code) to verify their identity. By requiring more than one authentication method, the login process becomes more secure. In fact, Microsoft says that MFA blocks 99.9% of account hacks.

3. Deploy a strong email security solution
While bad actors can launch cyberattacks using a variety of delivery methods, email continues to be a popular choice. Cybercriminals usually send out phishing emails to trick users into activating an embedded malware or granting unauthorized access, which could result in an ATO.

In the past, regular spam filters were enough to block suspicious emails. But as email-based cyberattacks grow more sophisticated, not even G Suite or Microsoft 365 can filter them out. The good news is that Graphus can. Thanks to the power of artificial intelligence and machine learning, Graphus can secure your email even from new and emerging cyberthreats.

Want to learn more about Graphus and how it can prevent ATO? Try it out yourself! Enjoy your FREE 14-day Graphus trial here.

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.

Get a Demo of Graphus