
How to Prevent Account Takeover Attacks

Account Takeover attacks are on the rise and you could be one click away from being scammed.

By CISOMAG - February 4, 2021

    In tandem with improvements in digital financial services and e-commerce, threat actors have gotten more creative with account takeover attacks and scams. You could be one click away from a fraudster's act that could cause severe identity and financial data theft. Let's look at how cybercriminals have boosted their social engineering techniques to exploit online transactions since the pandemic hit.

    According to Kaspersky's research, the share of account takeover attacks increased from 34% in 2019 to 54% in 2020. Every second fraudulent transaction in the finance sector was an account takeover attack. In 12% of security incidents, adversaries exploited legitimate Remote Administration Tools (RAT) like TeamViewer to gain access to user accounts.

    What is an Account Takeover attack?

    An account takeover attack is a form of identity theft where an attacker uses botnets to illicitly obtain access to a victim's bank and e-commerce accounts. Cybercriminals often make unauthorized purchases or fraudulent transactions from the victim's compromised account. In account takeover attacks, scammers most commonly use credential stuffing and brute forcing to take over users' accounts.

    The Kaspersky Fraud Prevention team found two popular methods, "the rescuer" and "the investor", by which scammers execute account takeover attacks; both involve vishing victims.

    Rescuer Technique: In this technique, fraudsters introduce themselves as employees of the largest bank in the potential victim’s region and use a spoofed caller ID for incoming calls to pose as a real bank.

    Investor Technique: In this technique, scammers impersonate employees of an investment company or an investment consultant from a bank. They offer customers a quick way to make money by investing in cryptocurrency or shares directly from the client’s account, without having to go to a bank. Attackers then ask the victims for the code they received in a text message or push notification.

    How to Counter Account Takeover Attacks

    Kaspersky has recommended security measures to businesses and users to protect against evolving fraud tactics. These include:

    • Limit the number of attempts to conduct a transaction; cybercriminals may try several times to enter the correct credentials.
    • Educate your customers on possible tricks that malefactors may use. Regularly send them information on how to identify fraud and the best way to behave in this situation.
    • Conduct annual security audits and penetration tests to find security issues in a company’s network.
    • Have a dedicated fraud analysis team capable of finding and analyzing the emerging methods fraudsters use.
    • Implement multi-factor authentication to minimize the chance of accounts being taken over.
    • Install a fraud prevention solution that can be quickly adapted for identifying new attack schemes and methods.
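
The attempt-limiting and multi-factor recommendations above can be combined in one pre-authentication check. The sketch below is an added example, not code from Kaspersky or CISO MAG; the thresholds, the `AttemptLimiter` class, the `replay` helper and the sample events are all assumptions made for illustration. It treats repeated failures against one account (brute forcing) differently from one source failing against many accounts (credential stuffing).

```python
from collections import defaultdict, deque

WINDOW = 300               # seconds of history considered (assumed value)
MAX_FAILS_PER_ACCOUNT = 3  # brute forcing: repeated guesses at one account
MAX_ACCOUNTS_PER_IP = 4    # credential stuffing: one source, many accounts

# Constructed sample events: (unix_time, source_ip, account, password_ok)
EVENTS = [
    (0, "203.0.113.5", "alice", False),
    (10, "203.0.113.5", "alice", False),
    (20, "203.0.113.5", "alice", False),
    (30, "203.0.113.5", "alice", False),   # fourth guess at the same account
    (40, "198.51.100.7", "bob", False),
    (41, "198.51.100.7", "carol", False),
    (42, "198.51.100.7", "dave", False),
    (43, "198.51.100.7", "erin", False),
    (44, "198.51.100.7", "frank", True),   # valid leaked pair, source already flagged
    (400, "192.0.2.9", "alice", True),     # alice's failures have aged out
]

class AttemptLimiter:
    def __init__(self):
        self.by_account = defaultdict(deque)  # account -> failure timestamps
        self.by_ip = defaultdict(deque)       # ip -> (timestamp, account) failures

    def decide(self, now, ip, account):
        """Called before credentials are checked: allow, challenge or block."""
        acct_q, ip_q = self.by_account[account], self.by_ip[ip]
        while acct_q and now - acct_q[0] >= WINDOW:
            acct_q.popleft()
        while ip_q and now - ip_q[0][0] >= WINDOW:
            ip_q.popleft()
        if len({a for _, a in ip_q}) >= MAX_ACCOUNTS_PER_IP:
            return "block"       # source has failed against too many accounts
        if len(acct_q) >= MAX_FAILS_PER_ACCOUNT:
            return "challenge"   # require a second factor instead of locking out
        return "allow"

def replay(events):
    """Run events through the limiter and return one verdict per attempt."""
    limiter, decisions = AttemptLimiter(), []
    for now, ip, account, password_ok in events:
        verdict = limiter.decide(now, ip, account)
        if verdict != "block" and not password_ok:  # blocked attempts are never checked
            limiter.by_account[account].append(now)
            limiter.by_ip[ip].append((now, account))
        decisions.append(verdict)
    return decisions
```

Answering the per-account limit with a second-factor challenge rather than a hard lockout keeps an attacker from locking the real owner out simply by guessing.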

    “Bank clients always place a high value on ease of access to their accounts and performance of usual financial operations, and now this has become especially important. That is why we believe that solutions for the financial industry should provide a high level of security measures — including protection against fraud — which is seamlessly integrated into the user experience. And of course, it’s worth regularly reminding clients about fraudsters’ techniques, so that they are likely to notice something,” said Claire Hatcher, Head of business development for Kaspersky Fraud Prevention.
