
Inside the threat: Exploring the 6 major types of account takeover fraud

Fraudsters are employing ever more sophisticated methods, resulting in a variety of approaches they can use to seize control of accounts. The selection of account takeover schemes by these attackers hinges on their objectives and the resources at their disposal.

Chris Hooper
Director of Content at
April 3, 2024
Fraud Prevention

The techniques fraudsters use are becoming increasingly complex, with multiple means for criminals to take control of an account. The types of account takeover fraud chosen by the attacker will depend on their goal and the resources they have available. 


Account takeover (ATO) fraud is one of the greatest threats facing online businesses today. Not only can the crime cost businesses huge sums of money, but it can also overburden IT and customer services teams and ruin the reputation of your business. It’s no wonder that fraud detection is now a key priority for organizations around the globe. 

To help you guard against the threat of this fast-growing form of fraud, in this guide, we’ll cover the major types of account takeover fraud and the steps you can take to stop fraudsters in their tracks. 

1. Understanding ATO: definition & overview

ATO is a form of identity theft. It occurs when a bad actor takes control of a user’s account without their permission to commit fraud.

The process of taking over an account involves two steps. First, the fraudster will steal or purchase a user’s credentials on the dark web. They can then log into a user’s account.

During the second stage of the process, they will make a series of non-monetary changes to the account, such as changing the password or altering the victim’s personally identifiable information.

Once these two steps are completed, the fraudster has gained complete control of the account and has locked the original user out. They will now make a series of monetary transactions or sell the account to someone else.

The fraudster will then attempt to replicate their success by taking control of a user’s other accounts. This becomes possible if they have used the same password and login information for multiple accounts.

2. Why is it such a threat?

There are several reasons why account takeover fraud is one of the biggest threats facing businesses today. First, the methods employed by fraudsters attempting to gain control of accounts are becoming increasingly sophisticated and hard to detect. For this reason, businesses that do not take the ATO threat seriously could soon become the target of fraudsters.

If a fraudster gains access to a user’s account and uses that account to make purchases, the customer will likely blame your business for the security breach (even if the lapse in security was their responsibility). For this reason, an ATO attack can irreparably damage the relationship between a business and its customers and cause wider reputational damage.

But the cost of account takeover fraud isn’t purely reputational. After all, if a criminal gains access to pilfered login details via an account takeover, it can have significant financial repercussions for a business. IBM reports that the typical corporate breach costs close to $5 million. Larger organizations are particularly prone to account takeover attempts as they are more appealing targets for cybercriminals.

On top of this, ATO attacks impact almost every department in a business. This is because the consequences of a security breach mean:

  • Your IT team must investigate any hacks and the robustness of your security system
  • Your finance team must fight chargebacks when fraudsters claim a refund on a product through bogus means while retaining the item 
  • Your customer support team will be overwhelmed by customers who are trying to reclaim their accounts

3. Who is vulnerable to account takeover fraud?

Account takeover fraud is growing all the time for one reason – almost everyone is vulnerable. This is because fraudsters can deploy the same techniques across a range of different accounts.

Some common targets for account takeover fraud include deposit accounts, government benefits accounts, checking accounts, online gaming accounts, store loyalty cards, credit cards, and email accounts.

If the fraudsters succeed, there are various ways they can use hacked information. For example, they might order a new card from the user’s credit card company, using it to make fraudulent purchases. Perhaps they could sell the verified information on the dark web or redirect any benefits received. 

Whatever the precise misuse of an account, one thing is clear – it must be stopped in its tracks. 

4. Types of account takeover

The types of account takeover fraud chosen by the attacker will depend on their goal and available resources.

Major types of account takeover fraud include:

Credential stuffing

To carry out a credential stuffing attack, a fraudster will usually purchase a list of leaked credentials online, often through a large data dump. Using this information, they will test combinations of usernames and passwords across various websites until they can gain access to an account.

Sadly, leaked credentials are widely available on the dark web. Because many users either select weak passwords or reuse them, this type of account takeover fraud has a high success rate.

SIM swapping

Two-factor authentication provides significant security benefits. Customers access their accounts not just with a password but also with a secondary method. A one-time code sent to their mobile number is a common approach.

With a SIM swapping scam, fraudsters seek to overcome this technique by transferring a user’s phone number to another SIM card, which they can then use to receive authentication codes meant for the user’s number. As technology giant Microsoft notes, they can use these codes to access bank accounts, social media accounts, and more.

The criminals achieve this through various forms of ‘social engineering’: for example, using social media to harvest data and personal information (such as the victim’s mother’s maiden name) that they can then use to trick a mobile carrier into transferring the victim’s mobile number to them.

Once this process is complete, the fraudster can attempt to log into the user’s banking app. If the bank’s authentication processes include text messages as a means of delivering one-time passwords, then the fraudster can access the user’s account and perform fraudulent transactions, add payees, or perform other operations during a banking session.

Phishing scams

Phishing is a common online security scourge that comes in various forms. Perhaps the best-known type sees attackers send emails – or a text message or another communication method – with fraudulent links. These links could feature dangerous malware designed to inflict harm on systems.

Phishing could also seek to gather information. If the user clicks on the link, they’re taken to a fake login page where they’re asked to enter their login credentials. This information is then captured and can be exploited by the fraudster. Phishing attacks can be incredibly damaging, as a fraudster can target thousands of users at any one time.

Another danger is spear phishing, which is a much more targeted attack. Criminals use social engineering and background sleuthing to target a specific individual rather than thousands of people.

For instance, a criminal may use a user’s email address to find a linked Facebook account. Using the information on this account, they may find that this user has a sister. Following this, they’ll create an alias so that the spear phishing email appears as a genuine message from the user’s sister asking for sensitive information.


Malware attacks

With a malware attack, a fraudster takes control of a bank account by installing malicious software (known as malware) on the victim’s computer or mobile phone.

This happens when the user downloads an app, a piece of software, or an unverified update from an untrusted source. Some forms of malware, known as keyloggers, will then intercept and save everything the user types, including their online banking details.

Man-in-the-middle (MITM) attacks

During a MITM attack, fraudsters position themselves between the financial institution and the customer. This allows them to intercept, edit, send, and receive communications without being noticed.

MITM attacks exploit how data is shared between a website and a user’s device – whether that’s their computer, phone, or tablet. Fraudsters will commonly set up a malicious public Wi-Fi network that a user will unwittingly access.

For example, a fraudster in a coffee shop may set up a Wi-Fi network called ‘free coffee shop Wi-Fi’ or something similar. A user looking to take advantage of public Wi-Fi will then transfer their payment data through the network, which is controlled by the criminal actor.

Call center fraud

Call center fraud is common in the banking industry. Before they attempt to access a bank account, a fraudster will contact the victim and ask them to verify their PIN, security questions, and multi-factor authentication tests. The victim then unwittingly provides the fraudster with all the information they need to access their account.

5. Where is your business at risk?

Fraudsters target businesses that rely on lax security systems and inadequate fraud prevention measures. To prevent account takeover fraud, businesses must implement security measures. 

Such security measures should include both internal security processes and customer-facing security processes. By following cybersecurity and data protection best practices, a business can ensure that it won’t be the cause of a data breach. These processes and best practices should include things like automatic notifications when something changes on a customer’s account, multi-factor verification, and detection tools.

Businesses should invest in systems that help them accurately verify the identity of users before they’re allowed access to their accounts. By reducing reliance on static passwords and instead prioritizing biometric identifiers, a business can lock fraudsters out of an account before they can make any changes.

Similarly, businesses should have systems to help detect suspicious activity in case a fraudster successfully takes over an account. These suspicious signals could include a high number of authentication attempts on different accounts from the same IP address, mass password reset requests, and multiple changes to an account at any one time.
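The three signals named above can be checked with a sliding window over authentication events. The following is an added example, not Veriff's code: the log format, event names, thresholds, and 10-minute window are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumed look-back window
CHANGES = {"password_change", "email_change", "phone_change"}
# Assumed rules: name -> (event types, group-by field, counted field, threshold)
RULES = {
    "many_accounts_one_ip": ({"login_failed"}, "ip", "account", 4),
    "mass_password_reset": ({"password_reset_request"}, None, "account", 3),
    "rapid_account_changes": (CHANGES, "account", "type", 3),
}
# Constructed sample log: timestamp, source IP, account, event type
SAMPLE_LOG = """\
2024-04-03T10:00:05 203.0.113.7 alice login_failed
2024-04-03T10:00:09 203.0.113.7 bob login_failed
2024-04-03T10:00:14 203.0.113.7 carol login_failed
2024-04-03T10:00:20 203.0.113.7 dave login_success
2024-04-03T10:00:21 203.0.113.7 erin login_failed
2024-04-03T10:01:00 203.0.113.7 dave email_change
2024-04-03T10:01:30 203.0.113.7 dave phone_change
2024-04-03T10:02:10 203.0.113.7 dave password_change
2024-04-03T12:00:00 198.51.100.9 gina password_reset_request
"""

def max_distinct(points, window):
    """Largest number of distinct values seen inside any sliding window."""
    points.sort()
    best, start = 0, 0
    for end in range(len(points)):
        while points[end][0] - points[start][0] > window:
            start += 1  # drop events that fell out of the window
        best = max(best, len({v for _, v in points[start:end + 1]}))
    return best

def detect(lines):
    """Return sorted (rule name, group) pairs for every rule that fired."""
    fields = ("ts", "ip", "account", "type")
    events = [dict(zip(fields, l.split())) for l in lines if l.strip()]
    alerts = []
    for name, (types, key, value, threshold) in RULES.items():
        groups = defaultdict(list)  # group -> [(timestamp, counted value)]
        for e in events:
            if e["type"] in types:
                ts = datetime.fromisoformat(e["ts"])
                groups[e[key] if key else "*"].append((ts, e[value]))
        for group, points in groups.items():
            if max_distinct(points, WINDOW) >= threshold:
                alerts.append((name, group))
    return sorted(alerts)
```

Run on the sample with `detect(SAMPLE_LOG.splitlines())`, it flags the IP that failed logins against four different accounts and the account that had three kinds of detail changed within minutes of a login from that IP.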

On top of this, businesses should ensure that their customers are keeping their data private and secure. They should encourage their users to:

  • Educate themselves on how to beat and detect identity fraud
  • Learn more about the techniques used by fraudsters
  • Create unique passwords for each of their accounts
  • Never click on suspicious links
  • Deploy multi-factor authentication on their accounts 
  • Never give out their data and passwords to others

6. How to recover from an account takeover attack

To bounce back from an account takeover, your organization must take four key steps.

  • First, secure all affected customer accounts, preventing fraudsters from causing any more damage
  • Second, the accounts must be reclaimed and returned to the affected customers. This stage demands direct communication with customers to explain what has happened; they should be invited to change their password and confirm all associated credentials
  • Third, conduct a thorough review that outlines how the takeovers happened and how well your organization responded
  • And finally, analyze how you can stop such an attack from happening again by boosting security measures and building up your fraud detection capabilities 

Facial biometric authentication can help your organization prevent ATO. Using the unique facial characteristics of an individual to access their account makes it more secure and offers a better user experience.

7. How does Veriff help?

At Veriff, we’re proud to offer a range of class-leading solutions that can help you secure user accounts and lock out bad actors. Our identity verification solution and AML and KYC solution can help you verify new users at onboarding, while our biometric authentication solution can be used to authenticate returning users and prevent account takeover fraud. 

This solution is much more reliable than passwords and one-time passcodes and is perfect for securing user accounts. It also allows you to lock fraudsters out of an account before they can change a customer’s details or attempt to make a purchase.

Not only is our biometric authentication secure, but it also accelerates the user authentication process. It uses facial biometrics (via a selfie) to match the returning user: the image is compared with our existing session data, and the user is quickly identified. As a result, it eliminates friction and facilitates a smoother user experience.

Led by powerful automation, our software can authenticate any user’s identity in only one second. 

8. Speak with the fraud prevention experts at Veriff

Your business must put the correct detection processes in place to prevent fraud. These processes and systems can stop fraudsters before they’re able to access a user’s account and can be used to resist all the major types of account takeover fraud.

If you want to discover more about how our class-leading solutions can help a financial services business like yours, talk to our fraud prevention experts today. We’d love to provide you with a personalized demo showing exactly how our solutions can help keep your business and customers safe. We offer a variety of plans to help you build your defenses and look to the future. 
