Account Takeover Detection Guide


You surely recall how President Obama, Jeff Bezos, Warren Buffett, and other prominent people and companies decided to promote Bitcoin all of a sudden? On July 15th, 2020, all of them tweeted a promise to send back double the sum sent to a specific bitcoin wallet. It was the biggest account takeover attack to date, and Twitter was forced to disable all activity from verified accounts, effectively silencing all influencers worldwide. This attack caught Twitter with its pants down and cost the company dearly, both in terms of stock valuation and public trust.

However, any business that allows customers to create profiles is subject to ATO fraud. The risk is even bigger if your service allows financial transactions and/or interactions with other users. Account takeover numbers have grown 378% since the COVID-19 epidemic started. Therefore, a real-time ATO fraud detection and prevention service is a must-have for any online business.

As a comprehensive risk management and fraud prevention platform, Covery has an in-depth understanding of what account takeover is, why it happens, and how to identify ATO fraud on the fly and prevent it. Read on to learn how to ensure your business does not follow in Twitter’s footsteps.

What is account takeover fraud?

In simple words, account takeover is the act of gaining unauthorized access to an online account with malevolent intent. The intent can range from simply stealing funds to more sophisticated schemes: creating fake reviews to promote fake services, participating in social engineering or bot attacks, selling those credentials on the Dark Web, etc. The scope of the threat is humongous, as almost 20% of Internet users were hacked at least once and there are more than 15 billion credentials available for purchase on the Dark Web.

Why do fraudsters perform account takeover?

  • Data collection — after obtaining credentials and gaining access to an account, fraudsters try to extract any additional data: phone numbers, SSN, address and other details. This increases the value of these credentials on the market.
  • Monetary gain — if there are funds stored in the account, they can be withdrawn to the fraudster’s card or bank account. If there are credit card details stored, the fraudster can try to use this card to their own ends, etc.
  • Bonus abuse — if you have any kind of referral program or starter bonuses, fraudsters can combine them to buy the most expensive goods you provide.
  • Virtual currency fraud — selling in-game currency or goods (unique skins, rare resources, etc.) to other players for real money.
  • Card testing — using long-standing accounts to test stolen credit card credentials allows fraudsters to stay under the fraud prevention radar for longer.
  • Whaling and phishing — using verified accounts to message other verified accounts adds credibility and helps deceive other users, including whales.
  • Ransom — access to important accounts is quite valuable and fraudsters can demand a ransom for it.
  • much, much more…

As you can see, successful account takeover fraud cases happening at your website, online store or platform can be punishing both for you and your customers. How do you ensure timely ATO fraud detection and prevention then?

Covery — fraud detection & prevention that works

There are several prominent signs of account takeover in progress:

  • Login attempt that falls out of a usual pattern — from a new device, browser, at unusual time, from unusual location, etc. Such conditions should trigger an alert in your anti-fraud system.
  • Potentially risky activity — attempt to reset password immediately after login, funds withdrawal request, attempt to transfer bonuses to another account, you name it.

How to ensure successful ATO fraud prevention then?

  1. You need to monitor your customers’ accounts for these signs of potentially malevolent activity at all times, and have automated response scenarios in place. As soon as your anti-fraud tool identifies account takeover signs, it should freeze the account in question and inform the affected customer of the situation.
  2. You should also provide several password reset approaches — via OTP, 2-factor auth, email, etc. Note that emails, SMS with OTP and other password reset tools should be sent to the old credentials, not to the new ones.

How does Covery make it happen? As a comprehensive risk mitigation, fraud prevention and chargeback management solution, Covery provides a wide range of tools enabling our customers to detect, mitigate and prevent ATO fraud cases in a timely manner.

Device fingerprinting technology helps track customer devices by a wide range of software and hardware IDs to enable accurate recognition. This way, if the device model, OS, browser version, IP address and geolocation, language preferences, screen resolution or any other parameters change abruptly, the system monitors the account closely. Should the account then perform risky activity like password reset attempts or funds transfer requests, it is blocked immediately until the situation is resolved with the owner.
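The two signals described above (an abrupt fingerprint change at login, then a risky action) combined into one rule with the freeze-and-notify response. This is an added example, not Covery's code; the threshold, watch window, field names and sample events are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
# Fingerprint attributes the article lists; the thresholds below are assumptions.
FP_KEYS = ("device_model", "os", "browser", "ip", "geo", "language", "screen")
RISKY_ACTIONS = {"password_reset", "funds_withdrawal", "bonus_transfer"}
DRIFT_THRESHOLD = 3     # attributes changing at once that count as "abrupt"
WATCH_WINDOW = 15 * 60  # seconds a drifted session stays under close watch

@dataclass
class Account:
    contact_email: str   # address on file before the session started
    known_fp: dict       # trusted fingerprint baseline
    watch_until: float = 0.0
    frozen: bool = False
    notices: list = field(default_factory=list)

def drift(known, seen):
    # Fingerprint attributes that differ from the trusted baseline.
    return [k for k in FP_KEYS if known.get(k) != seen.get(k)]

def handle_event(acct, event):
    """Return 'allow', 'watch' or 'freeze' for one account event."""
    if acct.frozen:
        return "freeze"
    if event["type"] == "login":
        if len(drift(acct.known_fp, event["fp"])) >= DRIFT_THRESHOLD:
            acct.watch_until = event["ts"] + WATCH_WINDOW
            return "watch"
        return "allow"
    if event["type"] in RISKY_ACTIONS and event["ts"] < acct.watch_until:
        acct.frozen = True
        # Notify the contact on file, not one supplied during this session.
        acct.notices.append((acct.contact_email, "frozen after " + event["type"]))
        return "freeze"
    return "allow"

# Constructed sample data: one trusted device, then an abrupt change.
BASELINE = {"device_model": "Pixel 7", "os": "Android 14", "browser": "Chrome 126",
            "ip": "198.51.100.7", "geo": "DE", "language": "de-DE", "screen": "1080x2400"}
NEW_FP = {"device_model": "PC", "os": "Windows 10", "browser": "Firefox 127",
          "ip": "203.0.113.50", "geo": "BR", "language": "pt-BR", "screen": "1920x1080"}
EVENTS = [
    {"ts": 1000, "type": "login", "fp": BASELINE},
    {"ts": 1060, "type": "funds_withdrawal"},      # risky, but on the known device
    {"ts": 5000, "type": "login", "fp": {**BASELINE, "ip": "198.51.100.99"}},
    {"ts": 9000, "type": "login", "fp": NEW_FP},   # every attribute changed
    {"ts": 9030, "type": "password_reset"},        # risky inside the watch window
]
def replay(events):
    acct = Account("owner@example.com", dict(BASELINE))
    return acct, [handle_event(acct, e) for e in events]
```

A single changed attribute (the new IP at `ts` 5000) stays below the threshold, so ordinary network changes do not put the account under watch.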

This way, the Covery anti-fraud platform ensures reliable ATO fraud detection and prevention. And it is just a fraction of the value that Covery can deliver to your business. Contact us and book a free demo to learn how else Covery can help secure your revenues from fraud!


How does account takeover work?

Fraudsters use credentials obtained through data breaches or phishing to gain unauthorized access to customer accounts.

Which is the best example of an account takeover?

The most prominent example of ATO fraud is the fake tweets sent from prominent Twitter accounts on July 15th, 2020 with offers from Barack Obama, Joe Biden, Jeff Bezos and other figures to send back double the sum of cryptocurrency sent to a specific wallet.

What is account takeover in banking?

ATO fraud in banking might result in funds loss, reselling of credentials, obtaining illegitimate loans and other forms of financial abuse.

Is an account takeover a data breach?

Yes, because fraudsters might use this data to gain access to more accounts (many people use the same credentials and passwords for all their online profiles) and abuse these details to stage bot attacks, fake promotion campaigns, referral and bonus program abuse, etc.