Account takeover: How can you tell you’re dealing with an online fraudster?

March 25th, 2021

Businesses deal with customers online now more than ever, be it via emails, digital transactions, online chat, or app interactions. Just as customers trust businesses to be who they say they are, businesses trust that the customers and third parties they’re interacting with are who they say they are.

This trust is abused by fraudsters

When fraudsters obtain the access credentials of genuine account holders, whether by phishing or by purchasing them on the dark web, they can take control of those accounts in what is known as an account takeover. In account takeovers, cybercriminals pose as real users and make transactions in their victims’ names, such as withdrawing funds and buying expensive items.

Account takeovers are awful for both your business and your customers

At best, both you and your customers will only worry about getting things as close to normal as possible (but you’ll likely suffer losses that are hopefully covered by insurance). You will have to issue refunds, help customers create new accounts, and delete the compromised ones.

You’ll also have to fulfill the reporting and disclosure requirements as mandated by government regulations. And at worst, both you and your customers will experience a strain in your business relationship and may even sever ties in the process.

You can do something about account takeovers

Account takeovers happen either because account holders were careless with their credentials or because fraudsters were skilled enough to nab these via sophisticated hacking methods. Whose fault it is doesn’t matter. What matters is that you can actually do something about it.

Account takeovers have telltale signs that allow you to nip bad transactions in the bud and save yourself and your customers a lot of grief. Additionally, your customers will thank you for making them aware of the likelihood that their accounts are being abused.

But how can you tell if the person you’re interacting with is a fraudster? Here are a few indicators that you must always be on the lookout for.

So much new information all at once

Even the most sophisticated fraudsters tend to follow this pattern of behavior:

  • They change account details such as name, email, and telephone number all in one go.
  • They log in to the account using a new device, often within 24 hours of changing account details.
  • They place an order and set a new delivery address.

When this pattern emerges, you’ll want to verify if the customer is indeed who they claim to be. You may want to contact them using their old telephone number and/or ask them the security questions they have personally set (e.g., “What is the name of your first pet?”).
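The three-step pattern above can be checked automatically against an account's event history. The following is an added example, not code from the original article; the event field names, the sample events, and the three-field threshold are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events for one account, oldest first (field names are assumptions).
EVENTS = [
    {"ts": "2021-03-01T09:00", "type": "login", "device": "dev-A"},
    {"ts": "2021-03-20T02:10", "type": "profile_change", "fields": ["name", "email", "phone"]},
    {"ts": "2021-03-20T14:30", "type": "login", "device": "dev-Z"},
    {"ts": "2021-03-20T14:45", "type": "order", "address": "addr-2"},
]
KNOWN_ADDRESSES = {"addr-1"}  # delivery addresses used before the profile change


def takeover_stage(events, known_addresses, window=timedelta(hours=24), min_fields=3):
    """Return how many steps of the pattern occurred in order (0 to 3)."""
    seen_devices, changed_at, stage = set(), None, 0
    for e in events:
        ts = datetime.fromisoformat(e["ts"])
        if e["type"] == "profile_change":
            # Step 1: several account details edited in one go.
            if len(set(e["fields"])) >= min_fields:
                changed_at, stage = ts, max(stage, 1)
        elif e["type"] == "login":
            first_seen = e["device"] not in seen_devices
            seen_devices.add(e["device"])
            # Step 2: a device never seen before logs in soon after the edit.
            if first_seen and changed_at and ts - changed_at <= window:
                stage = max(stage, 2)
        elif e["type"] == "order":
            # Step 3: an order ships to an address the account never used.
            if stage >= 2 and e["address"] not in known_addresses:
                stage = 3
    return stage


if __name__ == "__main__":
    print("pattern steps matched:", takeover_stage(EVENTS, KNOWN_ADDRESSES))
```

A result of 3 is the point at which to hold the order and verify the customer through the old telephone number or their security questions.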

Many disparate accounts suddenly being altered so that they share details

Once a hacker gains access to an account, they lock out the true account holder by changing access credentials. For the sake of efficiency, they may reuse the same credentials for other accounts they take over. Even if they put in the effort to make the credentials for each stolen account unique, they might not have the capacity to do the same for other account details, such as telephone numbers.

When many accounts suddenly share the same details, that’s when you have to verify with your customers and alert them that they may need to close the affected accounts and start new ones.

Multiple IP addresses

When a fraudster is focused on just one victim, the former may use a virtual private network (VPN) or other tool to change their IP address so that it matches that of the true account holder. However, if the fraudster is handling many accounts at once, they may not bother to alter their IP address to match each user's actual location. This means that access logs for a single account may indicate multiple IP addresses.

Additionally, when a database is breached and an account list is made available online, the same account may be accessed by multiple fraudsters with different IP addresses. Sometimes, accounts are accessed from various locations all over the world in a matter of days, if not hours — and no one can ever trot the globe that quickly.
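The "no one can travel that fast" check can be run over an account's login log. This is an added example, not part of the original article; it assumes each login has already been mapped from IP address to approximate coordinates by a geolocation lookup, and the 900 km/h and 100 km thresholds are assumptions.

```python
import math
from datetime import datetime

# Constructed logins for one account. IPs are from documentation ranges;
# coordinates are approximate city centers (New York, London, Tokyo).
LOGINS = [
    {"ts": "2021-03-20T08:00", "ip": "192.0.2.10", "lat": 40.71, "lon": -74.01},
    {"ts": "2021-03-20T08:40", "ip": "192.0.2.10", "lat": 40.71, "lon": -74.01},
    {"ts": "2021-03-20T10:00", "ip": "198.51.100.7", "lat": 51.51, "lon": -0.13},
    {"ts": "2021-03-21T12:00", "ip": "203.0.113.5", "lat": 35.68, "lon": 139.69},
]


def haversine_km(a, b):
    """Great-circle distance in kilometers between two logins."""
    p1, p2 = math.radians(a["lat"]), math.radians(b["lat"])
    dlat, dlon = p2 - p1, math.radians(b["lon"] - a["lon"])
    h = math.sin(dlat / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def impossible_travel(logins, max_kmh=900.0, min_km=100.0):
    """Return (ip_before, ip_after, km) for consecutive logins no traveler could make."""
    ordered = sorted(logins, key=lambda l: datetime.fromisoformat(l["ts"]))
    flagged = []
    for prev, cur in zip(ordered, ordered[1:]):
        gap = datetime.fromisoformat(cur["ts"]) - datetime.fromisoformat(prev["ts"])
        hours = gap.total_seconds() / 3600
        km = haversine_km(prev, cur)
        # min_km ignores geolocation jitter between nearby points; comparing
        # km against max_kmh * hours avoids dividing by a zero time gap.
        if km > min_km and km > max_kmh * hours:
            flagged.append((prev["ip"], cur["ip"], round(km)))
    return flagged


if __name__ == "__main__":
    for before, after, km in impossible_travel(LOGINS):
        print(f"{before} -> {after}: {km} km is faster than any flight")
```

A flagged pair is a reason to verify the customer rather than proof of fraud, since a legitimate user on a VPN can also appear to jump between countries.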

Multiple accounts accessed through one device

Nowadays, when an account holder uses a new device to access their account, they normally get an email alert reporting what they did. This may sound like a useless protocol from access verification software — until you consider that you may receive the same alert but don’t recognize the device model reported.

Businesses may also use the same type of software to spot access attempts using new devices. People borrow or replace devices all the time, so account takeover isn’t as immediately clear as it is from the account holder’s end. However, businesses may use the software to identify instances wherein one device is being used to access multiple accounts. This is a red flag that is worth notifying affected clients about.

Device spoofing

To make their fraudulent activities harder to trace, hackers use a program to mask the device they’re using. This tactic is called device spoofing. Spoofed devices appear as “unknown” to access verification software — which is yet another red flag to report to customers.
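The cross-account signals described above (many accounts suddenly sharing a detail, one device touching many accounts, and devices reported as "unknown") can be pulled from the same records in one pass. This is an added example, not part of the original article; the record layouts, identifiers, and the three-account threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data; field names and IDs are assumptions.
PHONE_CHANGES = [  # (account, new phone number, day the change was made)
    ("acct-1", "+1-555-0100", 1), ("acct-2", "+1-555-0100", 1),
    ("acct-3", "+1-555-0100", 2), ("acct-4", "+1-555-0142", 2),
]
SESSIONS = [  # (account, device fingerprint reported by access verification software)
    ("acct-1", "fp-77"), ("acct-2", "fp-77"), ("acct-3", "fp-77"),
    ("acct-4", "fp-12"), ("acct-5", "unknown"), ("acct-6", "unknown"),
]


def shared_values(pairs, min_accounts=3, ignore=()):
    """Map each value to its accounts, keeping values used by min_accounts or more."""
    by_value = defaultdict(set)
    for account, value in pairs:
        if value not in ignore:
            by_value[value].add(account)
    return {v: sorted(a) for v, a in by_value.items() if len(a) >= min_accounts}


def review_queue(phone_changes, sessions, window_days=7):
    """Group accounts by the signal that makes them worth contacting."""
    latest = max((day for _, _, day in phone_changes), default=0)
    # "Suddenly" is modeled as: changed within window_days of the latest change.
    recent = [(a, p) for a, p, day in phone_changes if latest - day <= window_days]
    return {
        "shared_phone": shared_values(recent),
        # "unknown" is excluded here: spoofed devices are not one physical
        # device, so grouping on that label would merge unrelated sessions.
        "shared_device": shared_values(sessions, ignore=("unknown",)),
        "spoofed_device": sorted({a for a, d in sessions if d == "unknown"}),
    }


if __name__ == "__main__":
    for signal, hits in review_queue(PHONE_CHANGES, SESSIONS).items():
        print(signal, hits)
```

The threshold of three accounts keeps a household that shares one phone or tablet from being flagged.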

While it pays for companies like yours to be vigilant against account takeovers, it may take focus away from your actual business. You need an IT partner that can protect you and your customers from cyberthreats — and HERO Managed Services LLC is that IT partner. Schedule a consultation today to learn more.
