FDIC logo

Secure Account Sign In

Account Takeover Fraud is Rising – Here's How to Avoid It

Suppose you accidentally tap on a malicious link in a phishing text or an email. What happens next?

The answer, in many cases, is this: cybercriminals will begin the process of taking control of your personal accounts, giving them the ability to steal your money – and even lock you out of those accounts.

This process is known as account takeover fraud, or ATO – and it’s a rising threat to individuals and businesses alike. To better keep you safe, here’s what you should know, according to the FBI’s Internet Crime Complaint Center (IC3).

Methods:

First, let’s lay out a few ways in which cybercriminals may attempt to obtain access to your bank, payroll, health savings, or social media accounts:

  • Brute forcing username/password: A criminal may exploit your password if it’s easy to guess and lacks multi-factor authentication.
  • Phishing emails, websites, and texts: You may receive a digital message that encourages you to give away your login credentials.
  • Social engineering: By impersonating a bank employee or tech support agent, a bad actor may deceive you and try to get you to share your credentials.

Prevention:

Once a fraudster has your credentials, they’re likely to log in, take over your account, and lock you out by changing your old password. Therefore, it’s crucial to take steps to prevent these crimes from occurring in the first place. Here’s what IC3 recommends:

  • Be careful about what you share on social media. By “oversharing” data points like your date of birth, you might be giving scammers the clues they need to guess your password.
  • Monitor your accounts for unusual activity. Keep a close eye out for missing deposits in your bank account activity, for example.
  • Make your passwords complex, and use two-factor authentication when possible.
  • Use bookmarks/favorites for websites you visit frequently. A complicated password or two-factor authentication won’t save you if you enter your information on a fraudulent website.

Finally, if account takeover occurs, it’s important to act fast. Contact your financial institution and inform them of the breach as soon as possible – and if you can, log in and reset your compromised password. IC3 also recommends that you file a complaint at their website.

By staying vigilant, you improve your chances of staying safe from cybercrime – and keeping your accounts in your control. Visit the FIBT Education Center for even more tips on staying one step ahead of scammers.

Business Banking, Personal Banking, Security