Account takeover

With cybersecurity breaches making frequent headlines, consumers may wonder how to protect themselves. Simply taking measures to guard against identity theft, data breaches and other cyberthreats may not be enough as bad actors become more sophisticated.

Let’s review a common tactic called Account Takeover and the ways they are executed. The bad actor’s goal is to take over legitimate accounts and use them to steal information, either selling that information or using it for their own personal profit.
Mujer trabajando en una computadora portátil

Account takeover + BEC

Business Email Compromise (BEC) is when a cybercriminal launches a successful phishing attack to gain control of their victim's email account. Once inside, the criminal will either launch additional phishing attacks on the account holder’s contacts or insert themselves into an existing conversation. Their goal is to steal personal information or obtain financial gain by leading you to believe you are interacting with someone you trust.

Account takeover + wire fraud

Wire fraud occurs when a cybercriminal successfully obtains money from their victim via wire or ACH payment.

Ejemplo: Account takeover email with wire fraud pattern

Hi Sam,

How are you doing today? Has our account receivable team sent the invoice? Regarding payment for deposit, we’ll prefer to receive payment via ACH/EFT. I’ll send our ACT remittance instruction upon your request. Please kindly acknowledge the receipt of my email. I await your response as soon as possible.

Other possible scenarios

You’re an attorney working on a legal settlement. Suddenly, the contact at the opposing legal firm you’re conducting business with asks that the settlement be changed from a check payment to an ACH.

You’re working with a vendor, and they send you an invoice with instructions that have suddenly changed or are different than what they’ve used in the past.

While buying a home, you receive an email from your agent with wire transfer instructions for the down payment. The email appears genuine, so you send the money. Days later, your agent asks about the missing payment. Unfortunately, cybercriminals intercepted your communication, impersonated your agent, and redirected your payment to their account.

Identify the red flags account takeover attacks

It’s important that you’re able to identify when an account takeover or wire fraud attack hits your inbox, especially when the attack appears to be coming from a trusted contact.

A reply is received from an old email conversation. The reply includes a link or an attachment that is unexpected.

A reply from a contact suddenly has a different tone. Words like "kindly," or "warmly" are used or the tone becomes more — or less — formal than usual. Spelling or grammatical errors may also be present. A request to hurry or immediately act is stressed.

A wire or ACH transfer is suddenly requested, and instructions may be included. Another form of payment may have already been discussed in writing, or the instructions are different than usual.

The sender asks to change a standard business process that is generally known and accepted.

Take immediate action

  • Take the time to carefully review all your emails. If you feel that an email doesn’t seem quite right, trust your instincts.
  • Don’t respond to the sender or engage with them in any way. Remember, it’s possible that the person on the other end is a criminal.
  • Don’t click on any links or attachments. Links could take you to malicious sites, and attachments may contain code to infect your system with viruses, malware, spyware or worse.
  • Reach out to your contact directly. Use a phone or another method to verify the change requested. In many cases, they may not know their email is compromised.