Why you should know about Account Takeovers (ATO)

Posted by buguroo - 13/11/2017

For years, Hollywood has made money on stories where the main characters go through all kinds of difficulties because someone steals their identity. In these films, the hero or victim whose identity is stolen often ends up with an empty bank account and overwhelming debt. One of the best-known comic examples is the film Identity Thief (2013).  

Even though we may find the film funny to varying degrees, the truth is that no-one wants to have to face this situation in real life. 

Advances in Cyber Threat Intelligence technologies make it harder for cybercriminals to gain access to stolen bank accounts in order to work their mischief and commit fraud, but they don’t stop them. The techniques these technologies use include the closing of phishing portals and the creation of malicious domain lists. Essentially, Cyber Threat Intelligence is fully focused on the detection and analysis of threats in order to mitigate them as soon as possible and with as little impact as possible.

Unfortunately, the Internet keeps growing, and focusing security efforts exclusively on the elimination of threats at their root is more and more complex. This is one of the reasons that cybercriminals always seem to be one step ahead. 

Moreover, cybercriminals invest large amounts of money in optimizing their Tactics, Techniques and Procedures (TTPs). In fact, thanks to this investment in innovation, they find and learn new ways to overcome the barriers and obstacles deployed by old cyber security models based on the detection of static threats.

It is precisely this study of Tactics, Techniques and Procedures that is the source of a new threat we don’t hear much about, but which is silently advancing in sectors as diverse as healthcare and retail. We are talking about Account TakeOver or ATO, which of course also affects the online banking sector in a major way.

 

Account TakeOver makes it possible to appropriate the victim’s bank account 

This time we aren’t going to go into technical details, in case you don't speak Hacker.  

The goal of an ATO is to take control of a user’s online banking. To achieve this, the attacker deploys a series of well-known tactics such as phishing, malware, fraudulent phone calls, keyloggers, etc. Sometimes the victim may not even be aware they have been compromised, because they have been infected without realizing it; one example would be the case of Remote Access Trojans.


Once the cybercriminal gets the account credentials, they access the account and mask their activities so that the bank and the victim take as long as possible to notice. The cybercriminal may even use the stolen credentials to modify the double authentication system and keep control longer.

 

How can we avoid becoming victims of Account TakeOver? 

There are several clear recommendations that can help prevent this type of attack:

a. On the user’s part 


  • Review the bank account frequently to see whether there are any strange transactions and/or activate transaction alerts. However, if your account has been compromised, the criminals can deactivate these alerts.  

  • Include various user authentication factors. The more there are, the harder it is for thieves to get all the information they need to take over the account. However, in the case of Remote Access Trojans (RATs) these elements may not be enough.  

  • Be alert to any attempt to steal banking information, wherever it may come from: email, text messages, phone calls, strange files, etc.



b. On the bank’s part 


  • Online banking has multiple tools and solutions at its disposal that can help mitigate this type of attack. However, the technologies associated with biometric behavior analysis are the most effective, because they make it possible to analyze users based on their own behavior when they engage in online banking.
  • In this respect, even though a person or a machine may gain control over a bank account, a biometric analysis will immediately perceive behavior different from that of the account’s real owner.  
  • So, instead of focusing on monitoring all the threats that arise, we center our strategy on determining whether the user who is navigating through an online bank account is really who they say they are. 
     
    Links of interest: 
    https://www.cnbc.com/2017/05/12/this-growing-fraud-will-drain-your-bank-account.html  
