How to prevent account takeover (ATO)

'How to' guides

Account takeover (ATO) is a form of identity theft that happens when cybercriminals get their hands on a victim's login details. Once a fraudster has unlawful access to users' email accounts, they can impersonate their victims and trick employees into sending across sensitive business data or large sums of money.

ATO presents a severe risk to businesses. Therefore, everyone in your organization must know how to detect account takeover and learn the best methods of account takeover prevention.

Account takeover detection

Being able to recognize the signs of account takeover will give you a better chance of putting a stop to it before it's too late:

1. Strange inbox activity

If your 'sent' folder contains emails that you didn't send, this is a sure-fire indication that your account is compromised.

You may also notice emails, such as password resets, in your inbox from other websites if the hacker has attempted to access other accounts using your credentials.

2. Changed password

On some occasions, a cybercriminal may change your password to prevent you from getting back into the account. Therefore, if your password is being rejected, but you weren't the one who altered it, there's a good chance you've been hacked.

3. People tell you

When a hacker has access to your email account, they will masquerade as you and attempt to send out fraudulent emails. Some of your contacts may notice that the emails are suspicious and warn you. If you didn't send those messages, take immediate steps to secure your account.

Account takeover prevention

Following best cybersecurity practices is essential in account takeover prevention. Here are some of the best methods of defending your account:

1. Unique passwords

When choosing a password, it's crucial to steer clear of anything a hacker could easily guess - for example, your name, your birthday, or a simple word such as 'password'. 

Instead, you should use a mixture of numbers and uppercase and lowercase letters. Try using a sentence and abbreviating it. To illustrate, "I play piano for my family" would become "IpPIANO4mf".

Remember to use different login details across all of your accounts for maximum protection. If you're worried about forgetting your new passwords, you can enter them into an encrypted Excel spreadsheet for future reference.

2. Multi-factor authentication and biometrics

Multi-factor authentication (MFA) requires you to enter two or more pieces of information to log into your account. As a result, cybercriminals find it much trickier to gain entry.

Approximately 60% of account takeover victims use the same password across multiple accounts. Therefore, you should consider enabling MFA or biometrics on all your accounts - not just your business email address. If a hacker has access to your login details, they may be able to use them elsewhere and cause further damage.

An added advantage of using features, such as facial recognition, voice recognition or fingerprints, is that it removes some of the risks caused by password recycling.

3. Good cybersecurity habits

Never open an attachment or click on a link within a suspicious email, even if it looks like it's from someone you know. If a hacker has compromised another user's account, they can pose as the victim to continue scamming others.

If you want to verify that an email has come from the sender it's claiming to, contact the individual directly using another contact method.

You should also ensure that you perform all software updates as soon as they're available. Often, updates contain patches for software vulnerabilities that hackers could exploit to install password-stealing malware on your device.

4. Intelligent anti-phishing solutions

Traditional anti-phishing filters are unable to detect cybercriminals' ever-evolving scams, so fraudulent emails can enter your organization undetected.

Intelligent anti-phishing solutions, such as Egress Defend, have a unique advantage. Using machine learning, Defend analyses not only the content of emails, but the context too. Consequently, it will alert employees to complex and context-driven phishing attacks, such as ATO, in real-time.

Learn more about account takeover

Cybercriminals' techniques are becoming increasingly sophisticated and costing businesses billions of dollars each year. Make sure you're always one step ahead.

Keep up-to-date on the latest hacking tactics and protect your organization by visiting our phishing hub.