
What is account takeover fraud?

Account takeover fraud is one of the most common forms of identity theft. It occurs when fraudsters:

  • Gain access to your account information.
  • Change your personal contact information (e.g., phone, email).
  • Carry out unauthorized transactions from your account.

How do fraudsters gain access to your account information?

Most commonly, fraudsters employ phishing tactics to obtain your login and password information. Phishing is the fraudulent practice of sending emails or texts claiming to be from a reputable company in order to induce individuals to reveal personal information, such as passwords and account numbers.

For a refresher on how to spot phishing attempts, read “Four ways to know if it’s a scam” and “Scam Alert: Phishing Text Message.”

What do fraudsters do with stolen accounts?

Once they gain access to your account, fraudsters can severely disrupt your financial security and wellbeing. They may, for example:

  • Order a new card from your credit card company and use it to make purchases.
  • Buy a new smartphone from your cell phone carrier.
  • Access and redeem your account credits or rewards points for their own benefit.
  • Make a payment to a fraudulent company from your bank account.
  • Open a new bank account in your name.
  • Place orders on a shopping or restaurant delivery site.
  • Redirect unemployment benefits.
  • Access and steal personally identifiable information.
  • Change account information, including your phone number, email, home address, or login and password.
  • Use the information they obtain to access other accounts.
  • Sell the account information.

For all the problems that account takeover fraud can create, it can be alarmingly difficult to detect. Often, fraudsters change your account preferences so you don’t receive notifications that might otherwise tip you off that something is amiss.

The best advice we can give you is to play defense. Specifically:

  1. Pay attention to password change notifications and other account alerts as they come in, before fraudsters have the chance to disable them. If you’re notified of activity you don’t recognize, look into it right away. Don’t wait.
  2. Never share multi-factor authentication codes received by phone.

What do you do if your account has been hacked?

If you discover your account has been hacked, you’ll want to follow a few basic steps to limit the damage.

  1. Report the fraud to the company or agency involved. You may need to close your account or upgrade your account security.
  2. Check your accounts. Assess whether your other accounts have been affected, especially those that use the same password.
  3. Change your passwords. Update account information for the affected account and any others that share passwords with it. Better yet, you may want to take this opportunity to change and upgrade your passwords across the board.
  4. Consider your credit. If you haven’t already, you may want to freeze your credit or add a fraud alert to your credit reports and activate credit monitoring.