Advanced phishing

Why are account takeover attacks so dangerous?

by Egress
Published on 22nd Dec 2021

An account takeover attack is something your business should take seriously. It happens when an attacker gains control of an account, typically through a social engineering scam. Whether the account is a personal or a business email account, there are risks involved. All businesses and their employees must be aware of how these attacks happen and how to protect their accounts.

For businesses, the biggest threat is an email account becoming compromised, as this allows an attacker to infiltrate your organization while appearing genuine. That allows them to do significant damage, including stealing sensitive information.

What makes account takeover attacks dangerous

In 2020, attempted fraudulent logins increased 282%, showing just how much these forms of attacks are increasing. In 2021, those numbers increased even more, with the Identity Theft Research Center reporting a 17 percent increase in business data breaches in the US alone during the first quarter of the year.

Once a hacker gains access to a business email account, it allows them to bypass standard anti-phishing software. Most security tools look for anomalies in email addresses and in the way employees communicate with one another. That works well if a criminal is using a spoofed account to trick an employee into thinking they are legitimate.

However, once they are in control of a genuine account, it's difficult for security tools to catch. That allows a criminal to steal data, plant malware, and gain deeper access into a business's systems.

Why it's hard to catch

Cybercriminals use spear phishing to harvest login credentials and, once they have them, they use that information to log in and take over an account. At this stage, an account that is in the hands of a criminal will still appear legitimate.

Standard anti-phishing tech won't detect whether or not an account is under the control of a cybercriminal.

For example, suppose a criminal gets hold of a business email account. In that case, all emails coming from that address will appear genuine — this allows the hacker to steal information, deliver additional social engineering attacks, and trick employees into handing over sensitive data such as payment details.

Spotting the signs of account takeover

If you see any signs of an account takeover, take immediate steps to secure your account, which means contacting security staff and changing passwords. For a business, that means educating employees on what to look for and giving them the tools needed to protect themselves and their accounts. Here are some tips for spotting the signs of an account takeover:

  • Strange inbox activity - If your 'sent' folder contains messages you didn't send, it's likely there's been a breach.
  • Changed password - If you get a notification that your password's been changed, it could be a criminal trying to lock you out of your account.
  • Suspicious activity - If colleagues and contacts mention odd messages coming from your account, it's likely someone is sending emails while masquerading as you.

It's very difficult to stop an account takeover attack once a criminal has taken control. The best approach is to prevent these attacks at the spear phishing stage.
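The three signs listed above (mail you didn't send, an unexpected password change, and odd messages reaching your contacts) are exactly what inbox-monitoring tools look for. As an added illustration that is not part of the Egress post, the script below runs that kind of check over a constructed mailbox audit log: it learns the IP addresses each user normally logs in from during a baseline period, then flags a login from an unfamiliar address that is followed within an hour by a password change or a burst of outbound mail. The event schema, the one-hour window and the burst thresholds are assumptions chosen for the example, not values from any real product.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real logs). "alice" behaves normally;
# "bob" shows the takeover pattern: new-IP login, password change, mail burst.
SAMPLE_EVENTS = [
    {"ts": "2021-12-20T09:02:00", "user": "alice@example.com", "event": "login", "ip": "203.0.113.10"},
    {"ts": "2021-12-20T09:15:00", "user": "alice@example.com", "event": "mail_sent", "ip": "203.0.113.10", "recipients": 1},
    {"ts": "2021-12-20T14:40:00", "user": "alice@example.com", "event": "mail_sent", "ip": "203.0.113.10", "recipients": 2},
    {"ts": "2021-12-21T08:55:00", "user": "alice@example.com", "event": "login", "ip": "203.0.113.10"},
    {"ts": "2021-12-21T09:10:00", "user": "alice@example.com", "event": "mail_sent", "ip": "203.0.113.10", "recipients": 1},
    {"ts": "2021-12-20T09:10:00", "user": "bob@example.com", "event": "login", "ip": "203.0.113.11"},
    {"ts": "2021-12-21T02:03:00", "user": "bob@example.com", "event": "login", "ip": "198.51.100.77"},
    {"ts": "2021-12-21T02:05:00", "user": "bob@example.com", "event": "password_change", "ip": "198.51.100.77"},
    {"ts": "2021-12-21T02:06:00", "user": "bob@example.com", "event": "mail_sent", "ip": "198.51.100.77", "recipients": 40},
    {"ts": "2021-12-21T02:07:00", "user": "bob@example.com", "event": "mail_sent", "ip": "198.51.100.77", "recipients": 35},
    {"ts": "2021-12-21T02:08:00", "user": "bob@example.com", "event": "mail_sent", "ip": "198.51.100.77", "recipients": 38},
]

# Assumed detection parameters: how long after a suspicious login we correlate
# follow-on activity, and what counts as an outbound mail burst.
WINDOW = timedelta(hours=1)
BURST_MESSAGES = 3
BURST_RECIPIENTS = 50


def parse_events(events):
    """Convert ISO timestamps to datetime objects and sort chronologically."""
    parsed = [{**e, "ts": datetime.fromisoformat(e["ts"])} for e in events]
    return sorted(parsed, key=lambda e: e["ts"])


def detect_account_takeover(events, baseline_until):
    """Return {user: [signals]} for every user with at least one takeover signal.

    Logins before `baseline_until` define each user's set of known IPs.
    Logins at or after that cutoff from an unknown IP are the trigger; the
    events in the following WINDOW are then checked for the other signs.
    """
    cutoff = datetime.fromisoformat(baseline_until)
    by_user = defaultdict(list)
    for e in parse_events(events):
        by_user[e["user"]].append(e)

    findings = {}
    for user, evs in by_user.items():
        known_ips = {e["ip"] for e in evs if e["event"] == "login" and e["ts"] < cutoff}
        signals = set()
        for i, e in enumerate(evs):
            if e["event"] != "login" or e["ts"] < cutoff or e["ip"] in known_ips:
                continue
            # Sign 1: login from an address never seen during the baseline.
            signals.add("login_from_new_ip")
            window = [w for w in evs[i:] if w["ts"] - e["ts"] <= WINDOW]
            # Sign 2: password changed shortly after that login (lock-out attempt).
            if any(w["event"] == "password_change" for w in window):
                signals.add("password_changed_after_new_ip_login")
            # Sign 3: unusually many messages/recipients sent from the account.
            sends = [w for w in window if w["event"] == "mail_sent"]
            if len(sends) >= BURST_MESSAGES and sum(w["recipients"] for w in sends) >= BURST_RECIPIENTS:
                signals.add("outbound_mail_burst")
        if signals:
            findings[user] = sorted(signals)
    return findings


if __name__ == "__main__":
    for user, signals in detect_account_takeover(SAMPLE_EVENTS, "2021-12-21T00:00:00").items():
        print(f"{user}: {', '.join(signals)}")
```

A single new-IP login on its own is weak evidence (travel, a new device), which is why the script correlates it with the other signs inside a short window; a real deployment would feed these findings to the security team the post says to contact, and would tune the window and thresholds to the organisation's normal mail volume.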

How to prevent it

When it comes to account takeover attacks, prevention is better than cure. Good cybersecurity practices will help you and your employees ensure these attacks don't happen, and it's always worth training employees on the signs of an account takeover attack as well. Here are some best practices for preventing account takeover attacks:

  • Train employees on password best practices — including random password generation
  • Use a password management tool
  • Use two-factor authentication wherever possible, so a lost password doesn't mean a lost account
  • Keep all software up to date
  • Train employees on social engineering attacks, particularly spear phishing

When it comes to account takeover attacks, it's best to take all steps possible to prevent the attack. To understand more about these attacks and the signs to watch out for, take a look at our phishing hub.


What is account takeover risk?

An account takeover is when a criminal gains access to an email account. For businesses, the risk here is a hacker being able to pose as a genuine person within the company. From there, they can do all sorts of damage, including stealing data, accessing sensitive information, and making payments.

What occurs during an account takeover?

A criminal gains access to an account, often through a phishing scam. From there, they can use that account as if they were the owner, which allows them to do some serious damage before they're detected.

What is account takeover protection?

Account takeover protection looks at the activity in an inbox to monitor for suspicious behaviour. Other prevention techniques include complex passwords and two-factor authentication.