Account takeover (ATO) is a form of identity theft in which a criminal obtains access to a user’s online account (i.e., they take over the account). They usually use the account holder’s own credentials, data, or personally identifiable information to gain entry into their victim’s accounts.
The attacker then masquerades as the legitimate user, customer, or account holder in order to change the account’s details, purchase items, withdraw funds, or obtain access to other accounts. They often start by changing contact information, the password, or other information to lock the legitimate user out, giving the criminal time to benefit from their illegitimate access. Attackers can also monetize stolen account credentials by offering them for sale on the dark web. This is often a preferred route, as the attackers can make a lot of money quickly, and it enables other criminals to perpetrate ATO fraud in the future.
Bad actors use various techniques to acquire the credentials needed to take over an account. These include data breaches, phishing, SIM swap attacks (using social engineering to swap a user’s SIM card and take control of their phone), malware, social engineering, and man-in-the-middle (MitM) attacks (aka man-in-the-browser).
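
The sequence described above, in which contact details or the password are changed before purchases or withdrawals, can be checked for in an account audit log. The following is an added example, not part of the original page; the event schema, action names, and 24-hour review window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample audit events: (ISO timestamp, account, action).
# The schema and action names are hypothetical, chosen for this example.
EVENTS = [
    ("2024-05-01T10:00:00", "alice", "login"),
    ("2024-05-01T10:02:00", "alice", "email_change"),
    ("2024-05-01T10:03:00", "alice", "password_change"),
    ("2024-05-01T10:10:00", "alice", "withdrawal"),
    ("2024-05-01T11:00:00", "bob", "login"),
    ("2024-05-01T11:05:00", "bob", "purchase"),
    ("2024-05-01T09:00:00", "carol", "password_change"),
    ("2024-05-03T09:00:00", "carol", "purchase"),
]

# Changes that can lock the legitimate user out of the account.
LOCKOUT_ACTIONS = {"email_change", "phone_change", "password_change"}
# Actions through which an attacker benefits from the access.
CASH_OUT_ACTIONS = {"purchase", "withdrawal"}
WINDOW = timedelta(hours=24)  # assumed review window, tune per service


def flag_takeover_pattern(events, window=WINDOW):
    """Return {account: [finding, ...]} for every cash-out action that
    follows a lockout-style change on the same account within `window`."""
    changes = {}   # account -> [(time, action)] of lockout-style changes
    findings = {}
    # Process in chronological order; logs often arrive out of order.
    for ts, account, action in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if action in LOCKOUT_ACTIONS:
            changes.setdefault(account, []).append((when, action))
        elif action in CASH_OUT_ACTIONS:
            recent = [a for t, a in changes.get(account, [])
                      if when - t <= window]
            if recent:
                findings.setdefault(account, []).append(
                    {"cash_out": action, "at": ts, "preceded_by": recent})
    return findings


if __name__ == "__main__":
    for account, hits in flag_takeover_pattern(EVENTS).items():
        for hit in hits:
            print(account, hit)
```

A flagged account is a candidate for review or step-up verification, not proof of takeover, since legitimate users also change a password and then make a purchase.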