What is account takeover (ATO) fraud and how can I prevent it?
Account Takeover (ATO) fraud is a type of identity theft where a malicious third party “takes over” an online account such as bank accounts, social media profiles, or email addresses. ATO takes advantage of the vulnerabilities created by customers, such as reusing passwords and falling victim to phishing scams.
How does account takeover happen?
The foundation for a successful account takeover is access to a user’s account credentials. Here’s how attackers usually compromise legitimate accounts:
Brute-force attacks: This includes password spraying (trying a few common passwords against many accounts rather than many passwords against one). The attacker, usually through an automated script, tries username/password combinations across many accounts until one works.
Phishing: Credential phishing remains a highly effective way to get a user’s password. Without barriers like multi-factor authentication (MFA), stolen credentials lead to compromised accounts.
Malware attacks: Keyloggers, stealers, and other forms of malware can expose user credentials, giving attackers control of users’ accounts.
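Both of the credential-guessing patterns above leave a recognisable footprint in authentication logs: spraying shows one source failing against many different usernames in a short window, while classic brute force shows many failures against one username. The detector below is an added illustration (not Brex code) that runs over a few constructed log lines in an assumed `timestamp OUTCOME user=… src=…` format; the thresholds and window are arbitrary assumptions to tune for your own environment.

```python
"""Flag password-spraying and per-account brute-force patterns in auth logs.

Added example, not Brex code. The log format, the sample lines and the
thresholds are all constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (RFC 5737 documentation addresses, made-up users).
SAMPLE_LOG = """\
2024-05-01T10:00:01Z LOGIN_FAILED user=alice src=203.0.113.5
2024-05-01T10:00:02Z LOGIN_FAILED user=bob src=203.0.113.5
2024-05-01T10:00:03Z LOGIN_FAILED user=carol src=203.0.113.5
2024-05-01T10:00:04Z LOGIN_FAILED user=dave src=203.0.113.5
2024-05-01T10:00:05Z LOGIN_FAILED user=erin src=203.0.113.5
2024-05-01T10:00:06Z LOGIN_OK user=frank src=203.0.113.5
2024-05-01T10:01:00Z LOGIN_FAILED user=grace src=198.51.100.7
2024-05-01T10:01:01Z LOGIN_FAILED user=grace src=198.51.100.7
2024-05-01T10:01:02Z LOGIN_FAILED user=grace src=198.51.100.7
2024-05-01T10:01:03Z LOGIN_FAILED user=grace src=198.51.100.7
2024-05-01T10:01:04Z LOGIN_FAILED user=grace src=198.51.100.7
2024-05-01T10:01:05Z LOGIN_FAILED user=grace src=198.51.100.7
2024-05-01T10:05:00Z LOGIN_FAILED user=heidi src=192.0.2.9
2024-05-01T10:05:30Z LOGIN_OK user=heidi src=192.0.2.9
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAILED|LOGIN_OK) user=(\S+) src=(\S+)$")


def parse(text):
    """Turn log text into (timestamp, outcome, user, src) tuples; skip junk lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect(events, window=timedelta(minutes=5), spray_users=5, brute_fails=5):
    """Return spraying sources, brute-forced users, and successes after a spray.

    Simple O(n^2) sliding window per source / per user; fine for a demo,
    use a streaming counter for production volumes.
    """
    fails_by_src = defaultdict(list)
    fails_by_user = defaultdict(list)
    for ts, outcome, user, src in events:
        if outcome == "LOGIN_FAILED":
            fails_by_src[src].append((ts, user))
            fails_by_user[user].append((ts, src))

    # Spraying: one source, >= spray_users distinct usernames inside one window.
    spraying = {}
    for src, fails in fails_by_src.items():
        fails.sort()
        for start, _ in fails:
            users = {u for ts, u in fails if start <= ts <= start + window}
            if len(users) >= spray_users:
                spraying[src] = sorted(users)
                break

    # Brute force: one username, >= brute_fails failures inside one window.
    brute_force = {}
    for user, fails in fails_by_user.items():
        fails.sort()
        for start, _ in fails:
            n = sum(1 for ts, _ in fails if start <= ts <= start + window)
            if n >= brute_fails:
                brute_force[user] = n
                break

    # A successful login from a source already seen spraying is the alert
    # that matters most: the guess may have worked.
    success_after_spray = [
        (src, user) for _, outcome, user, src in events
        if outcome == "LOGIN_OK" and src in spraying
    ]
    return {
        "spraying": spraying,
        "brute_force": brute_force,
        "success_after_spray": success_after_spray,
    }


if __name__ == "__main__":
    for name, hits in detect(parse(SAMPLE_LOG)).items():
        print(f"{name}: {hits}")
```

On the constructed sample this flags 203.0.113.5 as spraying five accounts and then succeeding as `frank`, and `grace` as the target of a single-account brute force; the lone failure for `heidi` stays below both thresholds, which is the point of using windows and counts rather than alerting on every failed login.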
How can you secure your business data against corporate account takeovers?
We take the protection of your Brex account data seriously. However, because account takeovers often originate outside of Brex's control (for example in email or elsewhere on the internet), there are precautions and actions on your end that we recommend you take to prevent unauthorized activity, whether in your Brex account or wherever else your business data might be stored or in use.
Unique sign-in credentials
Create a unique, complex password for every account; where possible, use a password manager to make this easy.
Monitor your credentials for exposure through services like haveibeenpwned.com, a site that lets you search for breaches in which your information may have been exposed. ATO attacks rely heavily on the reuse of credentials, especially those exposed in third-party data breaches.
Change your password if you suspect fraudulent behavior may have occurred.
Employee education
Ensure employees are trained to recognize and report suspicious emails and phishing attempts.
Enforce strong password habits.
Protect your online environment
Keep software up-to-date.
Make sure all systems are secured, especially cloud-based and internet-facing systems.
Have employees use VPNs.
Implement MFA systems.
Be vigilant
Pay attention to suspicious activity and report quickly.
Work with your internal security team to employ hardware and software monitoring tools.
Implement continuous password monitoring for exposed credentials to enforce password hygiene and mitigate threats as they arise.
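The breach-exposure checks recommended under "Unique sign-in credentials" and again in the last point above can be automated with the Pwned Passwords range API behind haveibeenpwned.com, which uses k-anonymity: only the first five hex characters of the password's SHA-1 hash are sent, and the service returns every matching suffix, so the password itself never leaves your system. The code below is an added example, not Brex's or Have I Been Pwned's own code; the endpoint `https://api.pwnedpasswords.com/range/` and the `Add-Padding` request header are real, while the offline stand-in fetcher, its list of "breached" passwords and their counts, and the 12-character minimum are constructed assumptions.

```python
"""Reject passwords that appear in known breaches, via k-anonymity range queries.

Added example, not Brex code. Real endpoint: api.pwnedpasswords.com/range/.
The fake_fetch stand-in and its contents are constructed for offline use.
"""
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"


def _fetch_range(prefix: str) -> str:
    """Live lookup: returns 'SUFFIX:COUNT' lines for all hashes sharing prefix.

    Add-Padding asks the service to pad the response with count-0 entries so
    that response size does not reveal how many real matches there were.
    """
    req = urllib.request.Request(
        API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "ato-faq-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def breach_count(password: str, fetch=_fetch_range) -> int:
    """Number of times the password was seen in breaches (0 if never)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]          # 5 chars sent, 35 kept local
    for line in fetch(prefix).splitlines():
        cand, _, count = line.strip().partition(":")
        if cand == suffix:
            return int(count)                         # padded entries carry 0
    return 0


def password_acceptable(password: str, fetch=_fetch_range, min_len: int = 12):
    """Policy check used at password set/change time. Returns (ok, reason)."""
    if len(password) < min_len:
        return False, "too short"
    n = breach_count(password, fetch)
    if n > 0:
        return False, f"seen in {n} breaches"
    return True, "ok"


# Constructed offline stand-in for the API (counts are made up).
_CONSTRUCTED_BREACHED = {"password": 3861493, "Password123!": 1200}


def fake_fetch(prefix: str) -> str:
    """Emulate the range endpoint from the constructed table above."""
    lines = []
    for pw, count in _CONSTRUCTED_BREACHED.items():
        h = hashlib.sha1(pw.encode("utf-8")).hexdigest().upper()
        if h[:5] == prefix:
            lines.append(f"{h[5:]}:{count}")
    lines.append("0" * 34 + "A:0")   # mimic a padding entry (count 0)
    return "\r\n".join(lines)


if __name__ == "__main__":
    for pw in ("password", "Password123!", "a long passphrase nobody reused"):
        print(pw, "->", password_acceptable(pw, fake_fetch))
```

Calling `password_acceptable` with the default fetcher performs the live query. Running the same check when a user sets or changes a password, and again at each successful login (the only moments the plaintext is briefly in hand), gives the continuous exposed-credential monitoring described above without ever storing plaintext passwords or sending full hashes to a third party.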