One of the biggest problems facing both consumers and businesses is identity theft, which continues to rise in our country. In fact, identity theft occurs every 3 seconds. Think about that – in the time it takes you to read this sentence, 3 or 4 people were victimized. It caused losses of $16.9 billion in 2019, and that number is rising. It’s crazy, so you have to do all you can to protect yourself from the cybercrooks that are lurking out there, just waiting to victimize you as well.
A new twist on identity theft is “account takeover fraud,” or ATO. It can impact consumers, businesses, and organizations, and it’s spiraling out of control – it increased 79% this year. Everyone is vulnerable, from people to companies. Once a criminal has your account information, they’ll log in and take over your account.
Types of Accounts
So, what types of accounts are the thieves targeting? It ranges from email accounts to social media to bank accounts to medical record accounts to – well, just about any account you may have. It could be online store accounts, places you’ve shopped on the web, or it could be the latest target – loyalty and reward accounts where cyber thieves steal points.
Once a thief takes over your account, they can use it to gain more information about you (or the company, if it’s a company account). That way they can gain additional access to other accounts, and ultimately steal all of your information – and funds. There are IRS breaches, bank account money breaches, ATM breaches – your information is the key they use to unlock all of your private and financial information.
How do Thieves Gain Access?
How does account takeover fraud happen? If you look at your smartphone or tablet, and go to settings and then “WiFi,” you’ll see a list of names, including your home (or business) WiFi name. A cyberthief cruising around your neighborhood can do the same thing with his or her smartphone – and once they see an unsecured account, they can hack in and steal whatever account information they want. Once they’ve got it, they have access.
Another way cyber criminals gain access, particularly with businesses, is through phishing emails. An innocent-looking email with “proper logos and identification” comes through, and you click on it. Bang! It downloads malware, which includes hacking software that grants the bad actors access to your computer, and your accounts.
Data breaches of companies are another entry point because once a criminal has access to a company’s data, they can easily find other associated employee accounts and steal that information as well. Another entry point for thieves is phone apps that are downloaded from a third-party website rather than the app store itself. Many affiliates provide apps to download, and sometimes those pages have malware embedded in the apps.
Sometimes, people and employees at businesses make things easier for cyber thieves to steal account information. Far too easy! First of all, there is way too much personal information about you on the web. Every time you surf on the Internet, your visits are tracked by Google, who then sells them to people search sites or data brokers. They want to know where you visited, what you may have purchased and then they provide links to those people’s search sites. Your information is then used to hack into your accounts.
What you need to do is remove all unauthorized personal information from people’s search sites. Unfortunately, there are more than 100 of them, including Intelius, BeenVerified, Zabasearch, and PeekYou, among many others. Trying to do this by yourself can take weeks, if not longer because each one has their own methods of opting out and deleting info. Instead, you can use OneRep, which automatically goes to all of the people’s search sites and wipes all of your personal information of the web – for good! It’s fast, easy, and affordable.
Thieves may trick friends or relatives into thinking they’re texting or emailing with you – but it’s only the thief using your information. Once they have them tricked, they can get more info about you and hack into more accounts, stealing even more information.
Passwords are another way cyberthieves can hack into your computer and commit an account takeover fraud. Too many people use the same password for every account, and once a cyber crook has it for one account, they have it for every account. To be sure you have a strong password, you need password management software to generate and track your passwords. Some of the top ones include Dashlane, Keeper, and LastPass, among others.
Surfing at public places can put your information in jeopardy, where a cyber crook can grab your login info and then go after committing account takeover fraud. This can happen at local coffee shops, malls, and restaurants – anywhere they offer free WiFi for their customers. You need to log on to the Internet using a Virtual Private Network (VPN) using special software like TunnelBear, HotspotShield, and IPVanish. It’s the level of protection you need to thwart those cyber crooks.
Also, if you have access to two-factor authentication for your accounts, use it! Most people shy away from the extra effort, but it’s well worth the time because it provides you with additional security and peace of mind. Use passwords, facial recognition, and fingerprint security on your phone and devices when available.
How Can You Tell if You’re a Victim?
There are several tell-tale signs that you’re a victim of ATO. If you haven’t received any correspondence from an account in a while, or you’re not receiving your monthly bills, contact the account immediately. Another clue is if you try to enter your password and it doesn’t work. Once you realize that you’re a victim, it’s time to take action.
What if You’re a Victim?
If you feel you’ve been the victim of an account takeover, you’ll need to contact all of your accounts and you may need to provide proof that you’re the actual owner of the accounts. In addition to contacting the accounts that have been compromised, be sure to report the account takeover fraud to the FBI and the FTC.