Account Takeover (ATO) Fraud

Account takeover fraud happens when threat actors use a legitimate set of user credentials to gain control of an account to commit fraud.

What is Account Takeover (ATO) Fraud? 

Once a threat actor has used a user’s credentials to gain control of a legitimate account – such as an email account, bank account, or social media profile – they have free rein to engage in a variety of fraudulent activities, including:

  • Phishing attacks against other employees to gather additional victims’ credentials for nefarious purposes. 
  • Supply chain attacks by presenting themselves as a legitimate employee to defraud partners and customers.
  • Business email compromise attacks where they present themselves as a high-level executive and direct employees to bypass security measures and transfer funds to bogus accounts. 
  • Financial fraud by accessing an individual or business account and stealing funds directly through wire transfers.
  • Exfiltration of additional sensitive or personal data that could prove useful for social engineering in future attacks.
  • DDoS attacks that leverage compromised accounts and stolen credentials to disrupt service availability. 

Common Tactics used in ATO 

So how does a threat actor gain access to the credentials to begin with? There are a variety of ways: 

Brute-force attacks – they employ a botnet to run through common username/password combinations and make thousands of login attempts per hour until they gain access

Credential stuffing – since it’s fairly common practice for people to reuse credentials, threat actors use powerful botnets to see if the same credentials help them gain access to other accounts

Man-in-the-middle attacks – intercept communication between users and websites to steal credentials

Malware – they use keyloggers and stealers that can expose user credentials

Dark web markets – they purchase stolen credentials for anywhere from a few dollars to more than a thousand dollars per individual account

How to Prevent Account Takeover Fraud 

Strong cyber hygiene policies can go a long way toward preventing these attacks, including the use of unique complex passwords that are changed frequently, multi-factor authentication, and user access controls. 

Setting rate limits on login attempts can help prevent account takeover attempts to begin with, while freezing compromised accounts can prevent threat actors from changing passwords.
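
The following added example (not from the original page) shows rate limiting of login attempts with a sliding window keyed both by account, which catches brute force, and by source IP, which catches credential stuffing across many accounts, together with a freeze list for compromised accounts. The window length, thresholds, class and function names, and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60                 # seconds; assumed sliding-window length
MAX_FAILS_PER_ACCOUNT = 5   # assumed threshold: brute force against one account
MAX_ACCOUNTS_PER_IP = 10    # assumed threshold: credential stuffing from one source


class LoginLimiter:
    def __init__(self):
        self.by_account = defaultdict(deque)  # username -> failure timestamps
        self.by_ip = defaultdict(deque)       # ip -> (timestamp, username) of failures
        self.frozen = set()                   # accounts flagged as compromised

    def freeze(self, username):
        """Reject every login for an account flagged as compromised."""
        self.frozen.add(username)

    def attempt(self, username, ip, now, password_ok):
        """Return the decision for one login attempt at time `now` (seconds)."""
        if username in self.frozen:
            return "frozen"
        acct, src = self.by_account[username], self.by_ip[ip]
        while acct and now - acct[0] >= WINDOW:      # drop failures outside the window
            acct.popleft()
        while src and now - src[0][0] >= WINDOW:
            src.popleft()
        # Limits are checked before the password result is used, so a correct
        # guess made while throttled still does not log the caller in.
        if len(acct) >= MAX_FAILS_PER_ACCOUNT:
            return "throttled_account"
        if len({user for _, user in src}) >= MAX_ACCOUNTS_PER_IP:
            return "throttled_ip"
        if password_ok:
            return "ok"
        acct.append(now)
        src.append((now, username))
        return "failed"


def replay(events):
    """Run constructed (time, username, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(user, ip, t, ok) for t, user, ip, ok in events]


# Constructed sample traffic (not real logs); IPs are from documentation ranges.
BRUTE_FORCE = [(t, "alice", "198.51.100.7", t == 6) for t in range(8)]
STUFFING = [(t, f"user{t}", "203.0.113.9", False) for t in range(12)]
```

Replaying `BRUTE_FORCE` shows the correct guess at the seventh attempt being rejected because the account is already throttled, and replaying `STUFFING` shows the source IP being cut off after failures against ten distinct accounts.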

Because DDoS attacks can be a smokescreen for ATO and vice versa, advanced DDoS protection can help by monitoring the network for suspicious activity while keeping legitimate traffic flowing, and stopping attacks before damage is done. When coupled with AI-assisted threat intelligence, it can continually learn from new data and adapt in real time to stay ahead of emerging threats, counter evolving methods, and keep defenses sharp.
