How To Handle Account Takeover Fraud
The reality is that data breaches happen every day. These attacks usually target companies with large databases to obtain people’s account information, including usernames, passwords, email addresses, phone numbers, and addresses. Those credentials serve as keys, granting the person who holds them full access to bank accounts, credit unions, membership cards, credit cards websites, and mobile applications. Later, these credentials obtained by the attacker will be sold on the Dark Web. Sometimes, compromised credentials will be used by the attacker to execute an account takeover – where the attacker will try to get access to the compromised account and use the account information. Such as account numbers, debit card details, billing information, store credits, or rewards to obtain products and services using that person’s existing accounts. Account takeover may also occur by a more engineered approach where the attackers are tricking their targets into giving up their confidential information by making them think they’re communicating with trusted sources via email (phishing), phone (call or smishing), stolen physical mail, etc.
10 Actions To Take Now
- Use multi-factor authentication every time you’re given the option, both to your email and your financial institution’s accounts.
- Use a unique password for your main email account and different passwords for all your financial institution’s accounts.
- Never Save passwords in your email or notes on the computer (or paper notes).
- Monitor your financial accounts and credit report at least once a week and report suspicious activity immediately. Financial institutions and credit bureaus make it very easy for consumers to report fraud and unauthorized activity.
- If you feel like you have too many passwords to remember, consider using a password manager.
- If you work “on the go” and use a lot of public wi-fi, consider using a VPN service.
- Avoid sharing important personal information with untrusted sources (Rule of thumb: always ask why they’re asking me for this info).
- Never give your credentials on social media! Very often fraudsters and scammers pretend to be working for financial institutions.
- Lock your physical mailbox if possible and collect your mail frequently. If you don’t receive physical mail for three to four days in a row, check with USPS that your mail hasn’t been put on hold without your knowledge – this method is sometimes used by attackers to make you miss account changes notifications sent via regular mail.
- Shred documents containing sensitive information, before discarding them.
- Use Cyrus to increase your security on your digital and financial accounts.
Take Control of Your Personal Cybersecurity
Activate Cyrus Protection