Why you should know about Account Takeovers (ATO)

For years, Hollywood has made money on stories where the main characters go through all kinds of difficulties because someone steals their identity. In these films, the hero or victim whose identity is stolen often ends up with an empty bank account and overwhelming debt. One of the best-known comic examples is the film Identity Thief (2013).  

Even though we may find the film funny to varying degrees, the truth is that no one wants to face this situation in real life.

Advances in Cyber Threat Intelligence technologies make it harder for cybercriminals to gain access to stolen bank accounts in order to work their mischief and commit fraud, but they don't stop them. The techniques these technologies use include closing phishing portals and creating lists of malicious domains. Essentially, Cyber Threat Intelligence is fully focused on detecting and analyzing threats in order to mitigate them as soon as possible and with as little impact as possible.

Unfortunately, the Internet keeps growing, and focusing security efforts exclusively on the elimination of threats at their root is more and more complex. This is one of the reasons that cybercriminals always seem to be one step ahead. 

Moreover, cybercriminals invest large amounts of money in optimizing their Tactics, Techniques and Procedures (TTP). In fact, thanks to this investment in innovation, they find and learn new ways to overcome the barriers and obstacles deployed by old cyber security models based on the detection of static threats. 

It is precisely this study of Tactics, Techniques and Procedures that is the source of a new threat we don’t hear much about, but which is silently advancing in sectors as diverse as healthcare or retail. We are talking about Account TakeOver or ATO, which of course also affects the online banking sector in a major way. 


Account TakeOver makes it possible to appropriate the victim’s bank account 

This time we aren’t going to go into technical details, in case you don't speak Hacker.  

The goal of an ATO is to take control of a user's online banking. To achieve this, attackers deploy a series of well-known tactics such as phishing, malware, fraudulent phone calls, keyloggers, etc. Sometimes the victim may not even be aware they have been compromised, because they were infected without realizing it; Remote Access Trojans are one example.


Once the cybercriminal gets the account credentials, they access the account and mask their activities so that the bank and the victim take as long as possible to notice. The cybercriminal may even use the stolen credentials to modify the account's two-factor authentication settings and keep control longer.


How can we avoid becoming victims of Account TakeOver? 

There are several clear recommendations for users that can help prevent this type of attack:  

a. On the user’s part 

  • Review the bank account frequently for strange transactions and/or activate transaction alerts. However, if your account has been compromised, the criminals can deactivate these alerts.

  • Use several authentication factors. The more there are, the harder it is for thieves to get all the information they need to take over the account. However, in the case of Remote Access Trojans (RATs) these factors may not be enough.

  • Stay alert to any attempt to steal banking information, wherever it may come from: email, text messages, phone calls, strange files, etc.

b. On the bank’s part 

  • Online banking has multiple tools and solutions at its disposal that can help mitigate this type of attack. However, the technologies associated with biometric behavior analysis are the most effective, since they make it possible to analyze users based on their own behavior when they engage in online banking.
  • In this respect, even though a person or a machine may gain control over a bank account, a biometric analysis will immediately perceive behavior different from that of the account's real owner.
  • So, instead of focusing on monitoring all the threats that arise, we center our strategy on determining whether the user who is navigating through an online bank account is really who they say they are.




Posted by Asaf Yacobi

Asaf is Solutions Architects Director at buguroo. He has over a decade’s experience working with market-leading financial crime prevention vendors. His wealth of industry knowledge stems predominantly from his most recent position with IBM Trusteer, where he served as Regional Presales Manager EMEA, as well as his work with NICE Actimize, where he worked across roles including technical implementation leadership, business development, and system engineering across APAC and EMEA.
