Account takeovers are on the rise. What can you do about it?

What is an Account Takeover?

An account takeover occurs when cyber criminals gain control of your online accounts using stolen credentials. They typically purchase consumer PII (Personally Identifiable Information) from the dark web, which is often sourced from data breaches, phishing scams, or malware. PII includes information like your name, address, email, phone number, date of birth, social media login details, and passwords.

Once a criminal has access to this data, they can impersonate you, contact your financial institution, and make unauthorized changes to your accounts if proper safeguards are not in place at your financial institution. This could include altering contact information (such as phone numbers or emails), applying for loans, or increasing card limits. In severe cases, they may lock you out of your accounts entirely and implement travel exemptions that can bypass fraud detection systems. 

Common Tactics Used in Account Takeovers

• Phishing & Vishing: Criminals impersonate reputable companies through emails, phone calls, texts, and/or voice messages, with the goal of tricking you into revealing personal information like bank details or credit card numbers. You may be asked to return a call or provide account details, often followed by instructions to respond "No Fraud" to an authentication message.
• Malware and Man-in-the-Browser (MitB) Attacks: These types of malicious software are typically installed onto our device, without you knowing it, when you visit a compromised website. Once installed, the software monitors your web sessions and captures sensitive information, such as payment card details or online banking credentials.

How to Protect Yourself

Maintaining a secure, up-to-date operating system, along with robust anti-malware software, is crucial to preventing account takeovers. Relying solely on one type of security tool, or outdated systems, increases your risk of becoming a target.

Prevail Bank also recommends the following best practices:

• Stay vigilant. Be cautious of unfamiliar texts, emails, or senders. When in doubt, don’t respond—contact the company directly using a phone number from a legitimate source, like an invoice or statement, to verify the message’s authenticity.
• Be mindful of the personal information you share online. Avoid giving out sensitive data unnecessarily.
• If you’re concerned about an automated message, don’t respond directly. Contact the company through its official customer service number or website. This includes bank texts too; if you are unsure or concerned contact the organization through its official customer service number or website.
• Never reply “No Fraud” for transactions you don’t recognize.
• Regularly review your credit report by obtaining one annually from any of the major credit reporting agencies (Experian, Equifax, TransUnion) or through annualcreditreport.com.
• Use unique, strong passwords or passphrases combined with 2-factor authentication for all banking applications.
• Enable a PIN (Personal Identification Number, it’s a numeric code that verifies a user’s identity) or biometric security (like face or fingerprint recognition) on your mobile devices. This adds another layer of protection in case your phone is lost or compromised.
• And, if you are a Prevail Bank customer, sign-up for Credit Sense, It’s FREE. Credit Sense provides credit report monitoring and real-time alerts.

In today's increasingly digital world, vigilance is your best defense against account takeovers. By staying informed, using strong security practices, and taking immediate action when something feels off, you can protect yourself from becoming a victim. Remember, it’s better to be cautious now than to face the repercussions later.

At Prevail Bank, we are committed to helping you safeguard your financial well-being. We have exceedingly strict policies and procedures in place and follow FFIEC control guidelines to help keep your accounts safe. We offer and strongly encourage our customers to use multi-factor authentication for all online and mobile banking tools, in addition to real-time alerts.  If we work together, we can stay two steps ahead of the bad guys.