{"url":"https://www.clear.sale/blog/account-takeover-is-the-biggest-fraud-threat-u.s.-consumers-havent-heard-of","title":"Account takeover is the biggest fraud threat U.S. consumers haven't heard of","tldr":"Only 36% of US consumers know account takeover fraud, one of the fastest-growing online threats. Learn how it works and how to protect your accounts.","markdown":"TL;DR\n\nAccount takeover (ATO) fraud happens when a criminal gains access to one of your digital accounts, such as banking, email, social media, or shopping, and uses it to make purchases, steal information, or lock you out. It is one of the fastest growing types of online fraud in the U.S., yet only 36% of consumers say they are familiar with it. Because most people reuse passwords across accounts, a single breached login can let attackers take over multiple accounts belonging to the same victim.\n\nAccount takeover fraud is a huge problem, but most US consumers don’t know about it. Only 36% of US consumers say they are familiar with account hijacking fraud, even though it’s one of the fastest growing types of online fraud. And unlike credit card fraud, a successful account takeover can often allow criminals to exploit multiple accounts belonging to the same victim. Here’s what you need to know to protect your accounts from takeover fraud.\n\n## What U.S. consumers know about online fraud\n\nClearSale commissioned a survey done by Sapio Research of U.S. consumers to learn about their shopping behaviors, preferences and attitudes about online fraud. Over a thousand consumers who shop online at least every few months participated. What they found is that while the majority of online shoppers are aware of credit card fraud and email phishing scams, not even half were familiar with account hijacking, also known as account takeover (ATO) fraud.\n\nThe high level of awareness about credit card fraud makes sense. This type of fraud hit 270,000 U.S. victims in 2019, making it the most common type of consumer identity theft. Credit card theft and fraud have been trending up in the U.S. for half a decade, but there was a [huge jump in reported card fraud](https://www.fool.com/the-ascent/research/identity-theft-credit-card-fraud-statistics/#:~:text=Although%20credit%20card%20fraud%20is,their%20total%20identity%20theft%20reports.)—more than 72%--from 2018 to 2019. In many cases, credit card theft leads directly to online shopping fraud, which more than half of respondents knew about.\n\nHigh levels of awareness about phishing and email scams are good, too. They’re a sign that corporate and government campaigns to educate people about phishing are working. Despite the widespread awareness among consumers, phishing has been a serious problem for years, especially for businesses and large organizations. One group of threat researchers found that the number of [phishing attacks declined by 42%](https://www.thesslstore.com/blog/phishing-statistics-latest-phishing-stats-to-know/) in 2019, but only because criminals are getting better at focusing their attacks on high-value victims. Still, some attacks [impersonate familiar brand names to trick consumers](https://www.computerweekly.com/news/252481546/Apple-and-Netflix-most-imitated-brands-in-phishing-attacks) into handing over their passwords, so be vigilant.\n\nThen there’s ATO (aka hijacking) fraud. [ATO fraud increased 79%](https://southfloridareporter.com/covid-19-working-from-home-and-cybersecurity/) from 2017 to 2018 in the U.S., and [mobile phone account takeovers increased by 78%](https://www.infosecurity-magazine.com/opinions/battle-account-takeover-fraud/) from 2018 to 2019—a disturbing trend because so many consumers have email, social media, banking and shopping apps linked to their mobile accounts. With so many of us—even fraudsters—stuck at home for health and safety reasons, [online gaming account takeover fraud](https://www.forbes.com/sites/louiscolumbus/2020/05/18/how-e-commerces-explosive-growth-is-attracting-fraud/#b50a0466c4b9) is growing, too.\n\nThis combination of rapid growth and low public awareness means many consumers are at risk for suffering an account takeover attack..\n\n## What exactly is account takeover fraud and what makes it so dangerous?\n\nAn account takeover happens when someone else gets access to one of your digital accounts. Credit card and bank accounts are the ones people usually think of first, but social media, email, shopping and other accounts can also get hijacked by fraudsters. Once they’re in the account, they can use it to do what they want, whether that’s make purchases online, steal information or deface someone’s social media pages.\n\nThere are at least four reasons why ATO fraud is so damaging.\n\n- Thieves can get access to your funds and personal information. Even if they don’t crack your online checking account, a fraudster with access to your Facebook account may be able to shop on Facebook with the payment data you have saved there.\n\n- Fraudsters can take over more of your accounts if you use the same password on them.\n\n- Once a criminal has access to your accounts, they can lock you out by changing the passwords and other contact information.\n\n- With enough of your personal and financial information in their control, criminals can open new accounts in your name to commit more fraud.\n\n## How does ATO happen and how can you protect yourself?\n\nMost consumers are aware of the dangers of fraud and know to keep their passwords a secret, so how does ATO fraud happen? One major cause is out of the average person’s control, but the other is not.\n\n### Data breaches and ATO fraud\n\nData breaches are a huge source of passwords and other login credentials. When criminals find ways to steal data from companies and government agencies, they resell that information to other criminals, who often use it to hijack accounts. In 2019, [more than 164 million records were exposed](https://www.statista.com/statistics/273550/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed/) by data breaches in the U.S., and new breaches are reported every week around the world. There’s not much consumers can do about this trend, but there’s a related step that can limit the damage.\n\n### Secure passwords can limit ATO damage\n\nIf one of your shopping passwords is exposed in a breach, the fraud might be limited to that account. But most of us make it easy for fraudsters to do worse. [More than 84% of us use the same password for multiple accounts](https://securityboulevard.com/2020/05/the-definitive-cyber-security-statistics-guide-for-2020/). That’s like handing a skeleton key to criminals. They can test your stolen login credentials from one account with all your accounts or with common platforms to see what else they can take over.\n\nSo, the first line of defense against ATO for the average person is to use a unique, strong password on every account you have. This means you will need to use a password manager, because you won’t be able to remember then all.\n\nYou can also:\n\n- Consider using two-factor authentication (2FA) on your most sensitive accounts. An authenticator app is more secure than SMS 2FA.\n\n- Check to see if your passwords have been exposed. The Jumbo app and the Have I Been Pwned website are resources that many tech experts recommend for this purpose.\n\n- Regularly check your bank statements and sign up for spending alerts.\n\n- Be careful about following links in emails to login pages. Remember that phishing attacks can arrive via text and voice call, too.\n\n- Consider signing up for credit monitoring and/or putting a freeze on your credit with the three major reporting agencies.\n\n- Report suspicious transactions to your bank; report confirmed fraud to the authorities in your area.\n\nAccount takeover fraud is a serious and growing problem, but consumers can fight it. With good password practices, caution about unfamiliar links and calls, and regular attention to your account activity, you can reduce your risk of becoming an ATO fraud victim.\n\nOriginal article at: [https://technative.io/account-takeover-fraud/](https://technative.io/account-takeover-fraud/)\n\n## Frequently Asked Questions\n\n### What is account takeover fraud?\n\nAccount takeover (ATO) fraud, also called account hijacking, happens when someone else gains access to one of your digital accounts. People usually think of bank and credit card accounts, but social media, email, and shopping accounts can also be hijacked. Once inside, criminals can make purchases, steal information, or deface your pages.\n\n### Why is account takeover fraud more dangerous than credit card fraud?\n\nUnlike credit card fraud, a successful account takeover often lets criminals exploit multiple accounts belonging to the same victim, especially when passwords are reused. Attackers can reach your funds and personal information, lock you out by changing passwords and contact details, and use enough of your data to open new accounts in your name to commit more fraud.\n\n### How common is account takeover fraud in the U.S.?\n\nATO is one of the fastest growing types of online fraud. According to figures cited in the article, ATO fraud increased 79% from 2017 to 2018 in the U.S., and mobile phone account takeovers rose 78% from 2018 to 2019. Online gaming account takeovers have grown as well.\n\n### Why are so few consumers aware of account hijacking fraud?\n\nAwareness is far higher for older, more publicized threats. A ClearSale-commissioned survey of more than 1,000 U.S. online shoppers, run by Sapio Research, found that most are aware of credit card fraud and email phishing, but only 36% said they were familiar with account hijacking. That gap exists even though ATO is growing rapidly.\n\n### How does account takeover fraud usually happen?\n\nTwo main causes drive ATO. Data breaches expose login credentials that criminals resell and reuse to hijack accounts; more than 164 million records were exposed by U.S. data breaches in 2019. The second cause is password reuse: with more than 84% of people using the same password across multiple accounts, attackers can test one stolen login against many sites.\n\n### How can I protect my accounts from takeover fraud?\n\nUse a unique, strong password on every account, which usually means relying on a password manager. Add two-factor authentication on sensitive accounts (an authenticator app is more secure than SMS), check whether your passwords have been exposed, watch your bank statements and set spending alerts, and be cautious with login links in emails, texts, and calls. You can also sign up for credit monitoring or freeze your credit, and report suspicious or confirmed fraud."}