Account takeover (ATO) fraud is a form of identity theft in which fraudsters obtain a legitimate user’s credentials, take over their online accounts, and make unauthorized transactions and/or changes.

Frequently asked questions

What is email account takeover?

An email account takeover occurs when malicious actors gain control of a legitimate email account by obtaining the user's credentials. This can happen in multiple ways, including brute-force attacks, credential stuffing, phishing, and malware compromise. Once an attacker gets into the account, they can reset the password to lock out the original account holder, exfiltrate data from emails, or attempt to compromise business networks.
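As a detection-side illustration of the sequence described above (failed logins, then a successful login, then a password reset that locks out the owner), the following added example is not from the original page. The event format, thresholds, time window, account names and IP addresses are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (unix_time, source_ip, account, event_type).
# IPs come from documentation ranges; account names are made up.
EVENTS = [
    (100, "203.0.113.5", "alice", "login_fail"),
    (101, "203.0.113.5", "alice", "login_fail"),
    (102, "203.0.113.5", "alice", "login_fail"),
    (103, "203.0.113.5", "alice", "login_fail"),
    (110, "198.51.100.9", "bob", "login_fail"),
    (111, "198.51.100.9", "carol", "login_fail"),
    (112, "198.51.100.9", "dave", "login_fail"),
    (113, "198.51.100.9", "erin", "login_ok"),
    (120, "198.51.100.9", "erin", "password_reset"),
    (130, "192.0.2.44", "frank", "login_fail"),
    (131, "192.0.2.44", "frank", "login_ok"),
    (900, "192.0.2.44", "frank", "password_reset"),
]

def classify_sources(events, threshold=3):
    """Label source IPs by failure pattern (threshold is an assumed tuning value)."""
    fails = defaultdict(list)
    for _, ip, account, kind in events:
        if kind == "login_fail":
            fails[ip].append(account)
    verdicts = {}
    for ip, accounts in fails.items():
        if len(set(accounts)) >= threshold:
            # Failures spread over many accounts: leaked pairs being replayed.
            verdicts[ip] = "credential_stuffing"
        elif len(accounts) >= threshold:
            # Repeated failures against few accounts: password guessing.
            verdicts[ip] = "brute_force"
    return verdicts

def takeover_candidates(events, verdicts, window=300):
    """Accounts where a flagged IP logged in and reset the password within `window` seconds."""
    last_ok, hits = {}, []
    for ts, ip, account, kind in sorted(events):
        if kind == "login_ok" and ip in verdicts:
            last_ok[(ip, account)] = ts
        elif kind == "password_reset" and (ip, account) in last_ok:
            if ts - last_ok[(ip, account)] <= window:
                hits.append((account, ip, verdicts[ip]))
    return hits

if __name__ == "__main__":
    flagged = classify_sources(EVENTS)
    print(flagged)
    print(takeover_candidates(EVENTS, flagged))
```

The account "frank" is not flagged because a single mistyped password followed by a login and a much later reset matches ordinary user behaviour, which is the kind of false positive the threshold and window are there to suppress.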

What is a takeover attack in blockchain?

A takeover attack in blockchain is when malicious actors target cryptocurrency wallets and other applications that leverage secure blockchain transactions. To bypass account security, attackers will often purchase stolen credentials online or conduct social media reconnaissance to carry out spear phishing attacks that convince users to share their login and password details. They may also use techniques such as SIM swapping and SMS rerouting to bypass multi-factor authentication (MFA) defenses.

What is account takeover vs identity theft?

Account takeover is a specific type of identity theft that leverages stolen credentials to access accounts, lock out the original users, and then compromise key data or services by masquerading as account owners. Identity theft, on the other hand, refers to any time someone uses another person’s information to commit fraud or other crimes.

