Account takeover vs. identity theft: Differences and prevention

Account takeover occurs when a hacker gains unauthorized access to someone's account, while identity theft occurs when a criminal steals someone's personal information to impersonate them. Scammers typically carry these crimes out through phishing attacks and data breaches, but the full list of methods for stealing accounts and identities is much more extensive. These crimes are particularly dangerous because account takeover can lead to identity theft and vice versa. Read the article to learn more about the differences between account takeover and identity theft.

What is account takeover?

Account takeover (ATO) is when a hacker takes control of someone's account using stolen login details. These stolen usernames and passwords often come from shady places on the dark web, where criminals buy and sell them after getting these login details through social engineering, data breaches, or phishing scams.

What is identity theft?

Identity theft happens when someone steals a victim's personal information and uses it without their permission. Thieves go after full names, addresses, financial details, Social Security numbers, and medical insurance data. Once they have it, they can commit fraud, open new financial accounts in the victim's name, or make unauthorized purchases.

What's the difference between account takeover and identity theft?

Account takeovers happen when an attacker steals someone's account, while identity theft involves a criminal stealing someone's personal data to open new bank accounts, commit fraud, or make purchases without their knowledge.

The table below provides some more perspective on the differences between account takeover fraud and identity theft.

| | Account takeover | Identity theft |
|---|---|---|
| Definition | A cybercrime where attackers steal an individual's account to extort data or money. | A crime where attackers steal personal information to impersonate someone or commit fraud. |
| Target | Bank accounts, email accounts, or social media profiles. | The victim's identity, including Social Security numbers, banking details, and personal address. |
| Methods | Phishing, brute force and MitM attacks, credential stuffing, social engineering, exploiting weak passwords, session hijacking, malware, and data breaches. | Phishing, data breaches, dumpster diving for sensitive documents, physical mail theft, social engineering, fake websites, public Wi-Fi snooping, and malware. |
| Goals of attackers | To gain access to the victim's account for data theft, malware distribution, financial theft, or fraud. | To exploit the victim's credit, open new financial accounts, make fraudulent purchases, or obtain government benefits. |
| Consequences | Financial loss, identity theft, legal trouble, unauthorized transactions, and difficulty regaining access to accounts. | Emotional distress, financial losses, ruined credit score, legal issues, and damaged reputation. |
| Recovery | Changing passwords, alerting service providers, and monitoring the account for further suspicious activity. | Reporting the theft to authorities, contacting financial institutions, freezing credit, recovering personal information, and sometimes working with identity theft protection services. |
| Prevention | Using strong, unique passwords, enabling two-factor authentication (2FA), monitoring accounts for unusual activity, and being cautious of phishing attacks. | Regularly checking credit reports, using credit monitoring services, shredding sensitive documents, using a VPN to protect your data online, and being mindful when sharing personal information. |

How does an account takeover happen?

In account takeover fraud, criminals target all sorts of accounts — email, social media, financial, cloud storage, HR systems, and other internal corporate accounts that hold sensitive data and require a username and password to get in.

To steal accounts, hackers usually use credential stuffing, phishing, or brute-force methods. In credential stuffing, for example, they take advantage of the fact that people often reuse passwords, trying login details leaked in previous data breaches against other accounts. Phishing is when attackers impersonate someone trusted to trick victims into handing over sensitive data. Brute force attacks, on the other hand, use automated tools that keep guessing passwords until they hit the right one.

As soon as an attacker gets into someone's account, they change the password and recovery email address, or even enroll their own multi-factor authentication (MFA) device. If that happens, getting the account back might become a nightmare.

Let's take Uber as a real-life example. In 2016, attackers took over a contractor's account with access to an internal Uber network. The breach exposed the personal information of over 57 million users and drivers. The hackers even demanded ransom from Uber to keep the breach quiet.

Signs of account takeover in businesses

Red flags that signal an account takeover fraud include:

  • Unusual account activity. Logins from unfamiliar locations or at odd hours might indicate that someone's trying to gain unauthorized access to your business account.
  • Changed account details. After hackers get unauthorized access to a victim's account, they often change account information, like emails, phone numbers, or even passwords.
  • Suspicious emails. Another red flag is out-of-the-ordinary emails asking you to reset passwords or provide sensitive information. These are usually phishing emails designed to compromise user accounts.
  • Unauthorized transactions. This one's a dead giveaway. If an attacker gains access to your financial account, they might start making unauthorized transactions to unfamiliar accounts or make fraudulent purchases using your money.

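The first two red flags above (logins from unfamiliar locations or at odd hours, followed by changed account details) can be turned into simple detection logic. The following is an added example written for this article, not code from NordStellar: it reads constructed JSON-lines authentication events, learns each user's previously seen countries and devices from earlier successful logins, and raises an alert for a login from a new country or device, a login outside an assumed working window (06:00–22:00 UTC), and a profile change made within 30 minutes of such a suspicious login. Field names, thresholds and the sample events are all assumptions.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample auth events (not real data), one JSON object per line.
# Assumed schema: ts, user, event, result, ip, country, device, field.
SAMPLE_LOG = """
{"ts":"2024-03-04T09:12:00Z","user":"alice","event":"login","result":"success","ip":"203.0.113.10","country":"LT","device":"laptop-a1"}
{"ts":"2024-03-05T09:30:00Z","user":"alice","event":"login","result":"success","ip":"203.0.113.10","country":"LT","device":"laptop-a1"}
{"ts":"2024-03-06T03:41:00Z","user":"alice","event":"login","result":"success","ip":"198.51.100.7","country":"BR","device":"unknown-x9"}
{"ts":"2024-03-06T03:44:00Z","user":"alice","event":"profile_change","field":"email","ip":"198.51.100.7","country":"BR","device":"unknown-x9"}
{"ts":"2024-03-06T10:00:00Z","user":"bob","event":"login","result":"success","ip":"203.0.113.22","country":"LT","device":"desktop-b2"}
"""


def parse_events(log_text):
    """Parse JSON lines into dicts with a timezone-aware datetime, sorted by time."""
    events = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return sorted(events, key=lambda e: e["ts"])


def detect_ato_signals(log_text, work_hours=(6, 22), change_window_min=30):
    """Return a list of alerts, each {"user", "ts", "reason"}.

    Baselines (known countries/devices) are built from each user's own earlier
    successful logins, so a user's very first login never triggers the
    new_country/new_device rules; only the odd_hours rule applies to it.
    """
    events = parse_events(log_text)
    known_countries = defaultdict(set)
    known_devices = defaultdict(set)
    last_suspicious_login = {}  # user -> timestamp of most recent flagged login
    alerts = []

    def alert(ev, reason):
        alerts.append({"user": ev["user"], "ts": ev["ts"].isoformat(), "reason": reason})

    for ev in events:
        user = ev["user"]
        if ev["event"] == "login" and ev.get("result") == "success":
            has_baseline = bool(known_countries[user])
            suspicious = False
            if has_baseline and ev["country"] not in known_countries[user]:
                alert(ev, "new_country")
                suspicious = True
            if has_baseline and ev["device"] not in known_devices[user]:
                alert(ev, "new_device")
                suspicious = True
            hour = ev["ts"].hour
            if not (work_hours[0] <= hour < work_hours[1]):
                alert(ev, "odd_hours")
                suspicious = True
            if suspicious:
                last_suspicious_login[user] = ev["ts"]
            # Learn the baseline from every successful login; a real deployment
            # would hold back flagged logins until an analyst confirms them.
            known_countries[user].add(ev["country"])
            known_devices[user].add(ev["device"])
        elif ev["event"] == "profile_change":
            # A recovery-email or phone change shortly after a suspicious login
            # is the classic "changed account details" sign of a takeover.
            last = last_suspicious_login.get(user)
            if last is not None and ev["ts"] - last <= timedelta(minutes=change_window_min):
                alert(ev, "detail_change_after_suspicious_login")
    return alerts


if __name__ == "__main__":
    for a in detect_ato_signals(SAMPLE_LOG):
        print(a)
```

On the constructed sample, alice's third login fires all three login rules and the email change three minutes later fires the fourth; bob's single login establishes his baseline and produces nothing. The working-hours window is a deliberately crude stand-in for a per-user activity profile, which is what a production system would use instead.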
What are account takeover risks for businesses?

Account takeover attacks might hit businesses hard. After hackers get hold of employee or customer accounts, they try to extract as much value as possible: they steal sensitive information to sell later on the dark web, commit fraud under the victim's name, or even lock you out of your own systems.

One of the main goals of ATO for criminals is financial profit, so the immediate financial loss after an account takeover can definitely be overwhelming. However, the long-term damage to your brand's reputation and customer trust can be even more emotionally distressing.

How does identity theft happen?

Identity theft happens when criminals get their hands on an employee's sensitive data, such as credentials or financial information. They usually obtain this information through phishing and social engineering attacks or by exploiting system vulnerabilities. With this stolen data, they can impersonate the employee to make fraudulent transactions or access systems.

In 2020, attackers breached Ubiquiti Networks' systems and stole employee credentials. They accessed company servers and demanded a $2 million ransom. The most outrageous twist was that the attacker turned out to be a Ubiquiti insider who tried to cover up his malicious deed by whistleblowing about the breach. This caused a 20% drop in the company's stock price and raised questions about the enterprise's internal security. That's a clear reminder that stolen identities lead to serious trouble — from data breaches to public fallout.

What are identity theft risks for businesses?

Identity theft isn't just something that causes problems for individuals. It can have serious consequences for businesses, too.

The more on-site, freelance, or remote workers you have, the bigger your attack surface. This means that if an attacker steals an employee's identity, they could get unauthorized access to your company's assets, carry out phishing and social engineering attacks, and disrupt your business operations.

Imagine a hacker steals your company's tax ID or business registration details — this could let them impersonate your brand. Criminals might trick suppliers into sending goods to their addresses or trick your customers into transferring them money. That would cost you a hefty sum of money and your reputation.

How can businesses prevent account takeover and identity theft risks?

The more of these tips you incorporate into your account protection routine, the safer your company's systems will be.

  • Use strong password policies. Make sure your team uses tough-to-crack passwords. Strong passwords should mix upper- and lower-case letters, special characters, and numbers.
  • Implement multi-factor authentication (MFA). MFA adds an extra layer of security to your employees' accounts. Even if a hacker manages to steal an employee's password, they can't access the account without the employee's smartphone or biometrics.
  • Monitor account activity. Watch what's happening inside company accounts. Unusual login times or connections from unfamiliar devices might signal that a stranger is trying to access your data.
  • Educate employees about security practices. Make sure your team is armed with all the information about the most common security risks. The more they know, the less likely they'll make mistakes that could let attackers into your systems.
  • Limit access to parts of the network. Not everyone needs access to everything. Limit access to parts of your network to those who actually need it for their job. It will help contain the damage in case of a data breach.
  • Implement lockout mechanisms. Set up automatic lockouts after a certain number of failed login attempts. This will make it harder for hackers to brute-force their way into user accounts.
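Three of the controls in the list above (strong password policy, mandatory MFA, and lockout after repeated failures) fit naturally into one login guard. The following is an added example written for this article, not code from NordStellar or any particular product: a password-policy check that rejects short passwords, passwords missing a character class, and passwords found in a constructed breached-password list, plus a login flow that counts failed attempts per user in a sliding window, locks the account for a fixed period once the threshold is reached, and never returns "ok" without a verified second factor. The thresholds (12 characters, 3 failures in 15 minutes, 30-minute lockout) and the breached list are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed stand-in for a breached-password feed; real deployments compare
# against a large leaked-credential corpus, not a hand-written list.
BREACHED_PASSWORDS = {"password123!", "welcome2024!", "qwerty123456!"}


def check_password_policy(password, min_length=12):
    """Return a list of policy violations; an empty list means the password passes."""
    violations = []
    if len(password) < min_length:
        violations.append("too_short")
    if not re.search(r"[a-z]", password):
        violations.append("no_lowercase")
    if not re.search(r"[A-Z]", password):
        violations.append("no_uppercase")
    if not re.search(r"[0-9]", password):
        violations.append("no_digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        violations.append("no_special")
    if password.lower() in BREACHED_PASSWORDS:
        violations.append("known_breached")
    return violations


class LoginGuard:
    """Per-user failure counting with temporary lockout and a hard MFA requirement."""

    def __init__(self, max_failures=3, window=timedelta(minutes=15),
                 lockout=timedelta(minutes=30)):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(list)  # user -> timestamps of recent failures
        self.locked_until = {}             # user -> time the lockout expires

    def is_locked(self, user, now):
        until = self.locked_until.get(user)
        return until is not None and now < until

    def record_failure(self, user, now):
        # Keep only failures inside the sliding window, then add this one.
        self.failures[user] = [t for t in self.failures[user] if now - t < self.window]
        self.failures[user].append(now)
        if len(self.failures[user]) >= self.max_failures:
            self.locked_until[user] = now + self.lockout
            self.failures[user].clear()
            return "locked"
        return "failed"

    def authenticate(self, user, password_ok, otp_ok, now):
        """Outcome of one login attempt: "locked", "failed", "mfa_required" or "ok".

        password_ok / otp_ok are the results of the credential checks, which
        are performed elsewhere; this class only decides what the outcome means.
        Per-user lockout should be paired with per-IP throttling in practice,
        because an attacker can otherwise lock legitimate users out on purpose.
        """
        if self.is_locked(user, now):
            return "locked"
        if not password_ok:
            return self.record_failure(user, now)
        if not otp_ok:
            # Correct password alone is never enough; do not count it as a failure
            # either, so a user who forgot their phone is not locked out.
            return "mfa_required"
        self.failures[user].clear()
        return "ok"


if __name__ == "__main__":
    print(check_password_policy("Summer2024!"))
    guard = LoginGuard()
    t0 = datetime(2024, 3, 6, 9, 0, tzinfo=timezone.utc)
    for minute in range(4):
        print(guard.authenticate("alice", False, False, t0 + timedelta(minutes=minute)))
```

The guard deliberately keeps credential verification out of scope: it takes the boolean results of the password and one-time-code checks and decides only whether the attempt counts, locks, or succeeds, which keeps the lockout policy testable on its own.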

We've got something else besides the above methods to prevent account takeover and identity theft. NordStellar is an advanced threat exposure management platform designed to detect cyber threats targeting your company. It runs vulnerability assessments and finds system flaws that could lead to account takeover fraud or identity theft, giving you time to respond to emerging risks.

Contact the NordStellar team to discover how our advanced cybersecurity solutions can protect your business from emerging threats.
