The Clearsale Blog

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Account takeover is the biggest fraud threat U.S. consumers haven't heard of

Account takeover fraud is a huge problem, but most US consumers don’t know about it. Only 36% of US consumers say they are familiar with account hijacking fraud, even though it’s one of the fastest growing types of online fraud. And unlike credit card fraud, a successful account takeover can often allow criminals to exploit multiple accounts belonging to the same victim. Here’s what you need to know to protect your accounts from takeover fraud.

What U.S. consumers know about online fraud

ClearSale commissioned a survey done by Sapio Research of U.S. consumers to learn about their shopping behaviors, preferences and attitudes about online fraud. Over a thousand consumers who shop online at least every few months participated. What they found is that while the majority of online shoppers are aware of credit card fraud and email phishing scams, not even half were familiar with account hijacking, also known as account takeover (ATO) fraud.

CSUS - 36% of respondents are familiar with hijacking fraud

The high level of awareness about credit card fraud makes sense. This type of fraud hit 270,000 U.S. victims in 2019, making it the most common type of consumer identity theft. Credit card theft and fraud have been trending up in the U.S. for half a decade, but there was a huge jump in reported card fraud—more than 72%--from 2018 to 2019. In many cases, credit card theft leads directly to online shopping fraud, which more than half of respondents knew about.

High levels of awareness about phishing and email scams are good, too. They’re a sign that corporate and government campaigns to educate people about phishing are working. Despite the widespread awareness among consumers, phishing has been a serious problem for years, especially for businesses and large organizations. One group of threat researchers found that the number of phishing attacks declined by 42% in 2019, but only because criminals are getting better at focusing their attacks on high-value victims. Still, some attacks impersonate familiar brand names to trick consumers into handing over their passwords, so be vigilant.

Then there’s ATO (aka hijacking) fraud. ATO fraud increased 79% from 2017 to 2018 in the U.S., and mobile phone account takeovers increased by 78% from 2018 to 2019—a disturbing trend because so many consumers have email, social media, banking and shopping apps linked to their mobile accounts. With so many of us—even fraudsters—stuck at home for health and safety reasons, online gaming account takeover fraud is growing, too.

This combination of rapid growth and low public awareness means many consumers are at risk for suffering an account takeover attack..

What exactly is account takeover fraud and what makes it so dangerous?

An account takeover happens when someone else gets access to one of your digital accounts. Credit card and bank accounts are the ones people usually think of first, but social media, email, shopping and other accounts can also get hijacked by fraudsters. Once they’re in the account, they can use it to do what they want, whether that’s make purchases online, steal information or deface someone’s social media pages.

There are at least four reasons why ATO fraud is so damaging.

  1. Thieves can get access to your funds and personal information. Even if they don’t crack your online checking account, a fraudster with access to your Facebook account may be able to shop on Facebook with the payment data you have saved there.
  2. Fraudsters can take over more of your accounts if you use the same password on them.
  3. Once a criminal has access to your accounts, they can lock you out by changing the passwords and other contact information.
  4. With enough of your personal and financial information in their control, criminals can open new accounts in your name to commit more fraud.

How does ATO happen and how can you protect yourself?

Most consumers are aware of the dangers of fraud and know to keep their passwords a secret, so how does ATO fraud happen? One major cause is out of the average person’s control, but the other is not.

Data breaches and ATO fraud

Data breaches are a huge source of passwords and other login credentials. When criminals find ways to steal data from companies and government agencies, they resell that information to other criminals, who often use it to hijack accounts. In 2019, more than 164 million records were exposed by data breaches in the U.S., and new breaches are reported every week around the world. There’s not much consumers can do about this trend, but there’s a related step that can limit the damage.

Secure passwords can limit ATO damage

If one of your shopping passwords is exposed in a breach, the fraud might be limited to that account. But most of us make it easy for fraudsters to do worse. More than 84% of us use the same password for multiple accounts. That’s like handing a skeleton key to criminals. They can test your stolen login credentials from one account with all your accounts or with common platforms to see what else they can take over.

So, the first line of defense against ATO for the average person is to use a unique, strong password on every account you have. This means you will need to use a password manager, because you won’t be able to remember then all.

You can also:

  • Consider using two-factor authentication (2FA) on your most sensitive accounts. An authenticator app is more secure than SMS 2FA.
  • Check to see if your passwords have been exposed. The Jumbo app and the Have I Been Pwned website are resources that many tech experts recommend for this purpose.
  • Regularly check your bank statements and sign up for spending alerts.
  • Be careful about following links in emails to login pages. Remember that phishing attacks can arrive via text and voice call, too.
  • Consider signing up for credit monitoring and/or putting a freeze on your credit with the three major reporting agencies.
  • Report suspicious transactions to your bank; report confirmed fraud to the authorities in your area.

Account takeover fraud is a serious and growing problem, but consumers can fight it. With good password practices, caution about unfamiliar links and calls, and regular attention to your account activity, you can reduce your risk of becoming an ATO fraud victim.

Original article at: https://technative.io/account-takeover-fraud/

You may also like

2020 Changed the Way Australians Shop. Can Your Store Keep Them in 2021 and Beyond?

2020 Changed the Way Australians Shop. Can Your Store Keep Them in 2021 and Beyond?

Notable ecommerce acceleration and evolving consumer behaviours have changed how retailers conduct business. Ralph Kooi shares the key areas that merchants should focus on for the best ROI when it..

Top Industry Trends for Retailers in 2021

Top Industry Trends for Retailers in 2021

Where 2020 will forever be the year of COVID-19 for families around the world, for online retail 2020 will be known as a year of transition, adoption and realignment of business models.

Reducing Ecommerce Cybercrime

Reducing Ecommerce Cybercrime

Cybercrime, in all forms, is growing. But the COVID-19 pandemic and ensuing rise in online shopping, has given rise to an increase in card-not-present (CNP) crime. To find out more—and learn how..

What Can Hackers Do With My Email Address? A Lot. Here’s How to Protect Your Identity

What Can Hackers Do With My Email Address? A Lot. Here’s How to Protect Your Identity

Yahoo Life is committed to finding you the best products at the best prices. The products written about here are offered in affiliation with Verizon Media, Yahoo Life's parent company. We may..

If Your Store Had No Ecommerce Fraud This Holiday Season, You May Have a Larger Problem

If Your Store Had No Ecommerce Fraud This Holiday Season, You May Have a Larger Problem

Fraud is a costly problem for merchants, and it’s growing. The cost of fraud to retailers is up 6.6% this year over last, according to LexisNexis. And merchants may have been extra concerned about..

David Fletcher of ClearSale: Five Things You Need To Know To Successfully Manage a Remote Team

David Fletcher of ClearSale: Five Things You Need To Know To Successfully Manage a Remote Team

As a part of our series about the five things you need to successfully manage a remote team, I had the pleasure of interviewing David Fletcher.

Does Your Store's Customer Experience Live Up to Your Marketing Promises?

Does Your Store's Customer Experience Live Up to Your Marketing Promises?

As consumers, we want to be recognized and catered to, and we can always use more convenience and positive experiences – especially during a time when there's more uncertainty than usual.

Retailers Need to Fully Accept Mobile Device Shopping in 2021

Retailers Need to Fully Accept Mobile Device Shopping in 2021

Retailers need to turn the disruption caused by the pandemic into an opportunity, and this opportunity exists online, explains a leading analyst. Retailers need to identify and follow consumer..

Are You Cybersecure?

Are You Cybersecure?

With more consumers shopping online, retailers and brands must have sufficient cybersecurity \systems in place to protect themselves and their customers. We ask some industry experts about how the..

Want to write
for our blog?

Please review our writers' guidelines
https://www2.clear.sale/press/clearsale-guest-blog-guidelines
and then email guestwriter@clear.sale with your pitch!

Subscribe to our blog