June 2024 - How to Prevent Account Takeovers
27 Jun 2024

Cybercriminals are always looking for ways to break into your online accounts to obtain your valuable personal data and perhaps even your money.

This is, of course, not a groundbreaking revelation.

However, some bad actors go a step further and try to take the account itself rather than just the data and money inside it. Account takeovers are becoming increasingly common, and BlackCloak has recently seen a marked rise in this type of attack.

It’s important to note that account takeovers are more nuanced than you might think. They do not always happen with malicious intent, and the outcomes for victims range from mild annoyance to damaging theft and fraud.

This blog post will explain how account takeovers work, the damages victims may face, and how to best protect accounts from those who wish to take them over.

What Happens When an Account is Taken Over?

An account takeover occurs when an unauthorized person gains access to someone else’s account, usually locking the rightful owner out. These attacks normally begin with the cybercriminal obtaining the target’s login credentials.

Credentials can be obtained in several ways. Cybercriminals may steal them directly in a data breach they carried out, or buy credentials leaked in an earlier breach from dark web markets.

They can also use credential stuffing, in which bots replay username and password pairs leaked from one site against the login pages of many other sites, relying on the fact that people reuse passwords. A related technique, brute forcing, instead tries many candidate passwords against a single account.

Login credentials can also be lost to phishing. A phishing message may trick a person into typing their credentials into a fake login page, or it may carry malicious links or attachments that install malware on the victim’s device.

Regardless of the method, the goal is to get into the account, and once inside, the attacker may change the password and recovery details to keep the victim from getting back in.

Account Takeovers Don’t Always Happen on Purpose, But Damage Can be Severe

Account takeovers are a real cyberthreat, but not all of them are malicious. Some happen entirely by accident, especially when your username or email address is based on your name and that name is a common one.

A person with a common name may try to reset the password for their own account but mistype the username, entering an identifier that belongs to someone else.

For example, a person named John Smith is trying to reset their password. The first John Smith’s username is JohnSmith123, but he types JohnSmith12, which belongs to a different John Smith on the same platform.

After failing to log in, the first John Smith requests a password reset, not realizing he is working on the wrong account. If the website’s verification is lax (for instance, it resets the password after answering guessable security questions instead of confirming ownership of the registered email address or phone), the second John Smith may be locked out of their own account by someone who meant them no harm.

The outcomes of an account takeover aren’t always the worst case scenario. Sometimes it is simply a mild annoyance: an unauthorized person may commandeer an account to take advantage of a discount, or try to game the system with phony gift cards. This may get the account removed or banned, which is a pain but not major harm.

But major harm can come from account takeovers, which is why you should take every instance seriously. If your account is taken over, your personal information may be stolen or sold, fraudulent purchases may be made with your money, or your funds may be drained outright if the account is tied to your bank. Accounts and bills may be opened in your name, costing you more money or damaging your credit score.

All of this may lead to further instances of identity fraud and more headaches down the road. Yes, it’s possible that the worst you may face is losing access to an account and having to make a new one, but as you can see, the worst case scenario can be incredibly damaging.

Protect Accounts From Takeovers

Account takeover can be a damaging attack, but cybersecurity professionals can take immediate steps to protect the accounts of everyone in their organization. Many of the best practices for stopping account takeovers are the same ones that halt other cyberattacks.

Here’s how to protect against account takeovers:

  • Implement MFA: Turn on multifactor authentication wherever it is available. Even if a cybercriminal obtains a password, they cannot log in without the second factor. Authenticator apps are stronger than SMS codes, and physical security keys are stronger still because they resist real-time phishing of the code.
  • Limit the Amount of Info Shared Online: The less an attacker can learn about a person, the harder it is to track them down or to use that information to guess usernames, passwords, and security-question answers.
  • Practice Good Password Hygiene: Ensure all employees create a unique, strong password for every account, and store them in a password vault. If a password is unique, a breach of one site exposes only that one account rather than every account where the password was reused.
  • Monitor Accounts: Set up monitoring of account activity for signs of takeover, such as logins from new devices or locations, bursts of failed logins across many usernames from a single source, or a password reset immediately followed by a change of recovery email or phone.
  • Implement Account Lockout Policies: Lock accounts after a set number of failed login attempts to blunt brute-force attacks. Keep in mind that an attacker who knows a username can trigger a lockout on purpose to keep the owner out, so prefer temporary lockouts or progressive delays, and combine them with rate limiting per source address.
  • Educate Employees About Cyber Scams: Continuously educate staff on evolving cyberthreats, and teach them the red flags that indicate a message may be malicious.
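The monitoring and lockout advice above can be made concrete. The following is an added example, not BlackCloak’s code, that replays constructed login log lines through a credential-stuffing detector (one source trying many different usernames) and through a temporary per-account lockout policy of the kind the list recommends. The log format, field names, IP addresses, usernames, and thresholds are all assumptions chosen for illustration.

```python
"""Added example, not BlackCloak's code: credential-stuffing detection over
constructed login logs plus a temporary failed-login lockout policy.
Log format, field names and thresholds are assumptions for illustration."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumed format: "<ts> user=<u> ip=<ip> result=<r>").
# 203.0.113.5 replays leaked credentials across many accounts (stuffing),
# 198.51.100.7 is a real user who mistypes twice, and 192.0.2.9 hammers one
# account until the lockout policy stops it.
SAMPLE_LOG = """\
2024-06-27T10:00:01 user=jsmith123 ip=203.0.113.5 result=failure
2024-06-27T10:00:02 user=jsmith12 ip=203.0.113.5 result=failure
2024-06-27T10:00:02 user=adoe ip=203.0.113.5 result=failure
2024-06-27T10:00:03 user=blee ip=203.0.113.5 result=failure
2024-06-27T10:00:03 user=cwong ip=203.0.113.5 result=success
2024-06-27T10:00:04 user=dkim ip=203.0.113.5 result=failure
2024-06-27T10:00:05 user=jsmith123 ip=198.51.100.7 result=failure
2024-06-27T10:00:09 user=jsmith123 ip=198.51.100.7 result=success
2024-06-27T10:01:00 user=adoe ip=192.0.2.9 result=failure
2024-06-27T10:01:05 user=adoe ip=192.0.2.9 result=failure
2024-06-27T10:01:10 user=adoe ip=192.0.2.9 result=failure
2024-06-27T10:01:15 user=adoe ip=192.0.2.9 result=failure
2024-06-27T10:01:20 user=adoe ip=192.0.2.9 result=failure
"""

def parse_log(text):
    """Parse the constructed log format into event dicts, in file order."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append({"ts": datetime.fromisoformat(ts), "user": kv["user"],
                       "ip": kv["ip"], "ok": kv["result"] == "success"})
    return events

def detect_credential_stuffing(events, window=timedelta(seconds=60),
                               min_users=5, min_failure_ratio=0.5):
    """Flag source IPs that try many *different* usernames inside one sliding
    window with a high failure rate. Distinct usernames, not the raw failure
    count, are what separate stuffing from one user mistyping a password."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            win = evs[start:end + 1]
            users = {e["user"] for e in win}
            failures = sum(1 for e in win if not e["ok"])
            if len(users) >= min_users and failures / len(win) >= min_failure_ratio:
                best = flagged.get(ip)
                if best is None or len(users) > best["distinct_users"]:
                    flagged[ip] = {"distinct_users": len(users),
                                   "attempts": len(win), "failures": failures}
    return flagged

class LockoutPolicy:
    """Lock an account for `lock_for` after `max_failures` failures inside
    `window`. Caveat: an attacker who knows a username can trigger this on
    purpose, so locks stay temporary and should be paired with per-IP limits."""
    def __init__(self, max_failures=5, window=timedelta(minutes=15),
                 lock_for=timedelta(minutes=15)):
        self.max_failures, self.window, self.lock_for = max_failures, window, lock_for
        self.failures = defaultdict(deque)   # user -> timestamps of recent failures
        self.locked_until = {}               # user -> datetime the lock expires

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        return until is not None and now < until

    def record(self, event):
        """Feed one login event; return the policy's decision for it."""
        user, now = event["user"], event["ts"]
        if self.is_locked(user, now):
            return "rejected_locked"
        q = self.failures[user]
        while q and now - q[0] > self.window:   # forget failures outside the window
            q.popleft()
        if event["ok"]:
            q.clear()                            # a real login resets the counter
            return "allowed"
        q.append(now)
        if len(q) >= self.max_failures:
            self.locked_until[user] = now + self.lock_for
            q.clear()
            return "locked"
        return "failed"

def apply_lockouts(events, policy=None):
    """Replay events chronologically through the policy; return decisions per user."""
    policy = policy or LockoutPolicy()
    outcomes = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        outcomes[e["user"]].append(policy.record(e))
    return dict(outcomes)

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("stuffing sources:", detect_credential_stuffing(evs))
    print("lockout decisions:", apply_lockouts(evs))
```

Note that the stuffing source is flagged even though one of its attempts (cwong) succeeded; that single success from a flagged source is precisely the login to investigate and force a password reset on, because the lockout policy alone sees it as a normal login. Likewise, the account hammered from 192.0.2.9 is locked only for a limited time, which is the compromise between blunting brute force and letting an attacker lock the real owner out indefinitely.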

Account takeovers cause headaches at the organizational level as well as the personal one. But by consistently practicing good cyber hygiene, cybersecurity professionals can take the steps needed to keep every account under their purview safe.
