TMCnet Feature
November 18, 2020

Stop Account Takeover Attacks

Identity theft is one of the oldest crimes in human history. Cyber-related identity theft may have popularized the crime, but it goes back well beyond the age of the internet. One of the most common forms of identity theft is the account takeover (ATO) attack.

An account takeover is a fraudulent activity that leads to unauthorized access to an account that belongs to another person or entity.

Who is at risk of an account takeover attack?

Traditionally, financial institutions have always been the biggest targets of account takeover attacks. However, over the years, different organizations have also reported cases that resulted in identity theft or financial losses.

Any platform that has a customer-facing login is at risk of experiencing an account takeover attack. This is why most platforms now require users to use multi-factor authentication when logging in.

In more recent developments, account takeover criminals have targeted the US government stimulus. Earlier this year, the US started a stimulus package for families with an annual income of less than $100,000. Shortly after, news emerged that cybercriminals were targeting individuals seeking government relief amid the adverse effects of COVID-19.

Financial services firms must prepare to fight ATO

However, because the stimulus runs only for a limited period, it is only a matter of time before criminals turn their attention back to the financial sector. This calls for financial firms to prepare by enhancing the security of their platforms through technologies like multi-factor authentication.

Multi-factor authentication is a process that authenticates users as they log in to the online platform. This can involve knowledge-based authentication, where the user is asked to provide details such as the name of their favorite pet, or a one-time PIN or code sent to a mobile phone number or email address.

Who uses multi-factor authentication?

A survey carried out in the US in 2019 showed that most platforms, about 96%, have some form of multi-factor authentication. The report showed that 65% of the firms polled used knowledge-based authentication, while 50% preferred a one-time PIN (OTP) or code.

Some reports have suggested that criminals have already found a way to bypass 2-factor authentication. They do this by tweaking phishing software and utilizing advanced browser imitation tools. This suggests that the popular 2-factor authentication login process is no longer as safe as it used to be. This is why financial services firms are now moving towards a multi-factor authentication process that could involve OTPs, knowledge-based authentication, and time-limited codes.


In summary, account takeover attacks have evolved over time. Now, some cybercriminals even boast that they can easily bypass the popular 2-factor authentication. This means that financial institutions are at a higher risk of being breached despite the efforts they have taken to implement new security measures. The solution to this problem is to keep evolving with technology and to adapt their platforms to the latest security tools on the market.

And while ATO criminals appeared to have diverted their attention towards the government stimulus earlier this year, it is inevitable that this attention will soon be refocused on financial services firms, their historical primary target.
