Account takeover fraud is a problem affecting individuals and businesses alike. The average cost of a successful attack on an individual is $263. However, it is also one of the most potent forms of eCommerce fraud targeting merchants and enterprise companies. In fact, the estimated cost of these attacks to businesses is over $12.5 billion since 2013.
Moreover, fraudster methodologies for this type of fraud evolve constantly, which makes the problem even worse. However, there are a few known “best practices” used by hackers to execute these attacks. If you know how to identify them, you can put measures in place to prevent them.
How to Detect Account Takeover Fraud
- Pay attention to Business Email Compromise (BEC) Scams
Corporate finance employees with direct access to the company’s cash flow receive an email requesting a cash transfer. BEC relies on urgency. The email often appears while an executive is away from the office, and requests payment to a known account or vendor. This adds a level of plausibility to the request. In fact, the account is a fraudster account, often with a single digit or two changed from the legitimate one. The FBI business email compromise best practices commonly refer to this attack as “CEO fraud”.
- Set Up Systems to Catch Credential Stuffing
Fraudsters purchase large volumes of stolen credentials on the dark web. They then use automated tools to try huge volumes of them against a login form to see if any grant access to a customer account. One way merchants can protect against this attack is to monitor their systems for rapid-fire credential entry, especially many different usernames attempted from a single source in a short time.
- Never Click on Unknown Links
Account holders receive a legitimate-looking email impersonating a brand, financial institution, or colleague. The email asks them to take some kind of action. This is commonly a request to click a link, transfer cash, or input login credentials. In fact, the fraudster is installing malware, intercepting the transfer, or stealing the credentials. Extremely sophisticated attacks even provide a phone number to call and impersonate institutional representatives on the line.
- Don’t Panic when Threatened with Blackmail
Email accounts often contain personal information the holder does not want made public. Blackmail attacks find compromising messages or media, and then threaten to release them to the account’s contact list if the holder doesn’t pay an extortion fee. When this attack targets sexually themed content, it is called a sextortion scam.
- Monitor the Backend for a Replay Attack
Fraudsters attack a merchant’s network, intercepting account credentials as they pass between a site form and the backend. Then, the fraudster resends the captured data to the backend, tricking it into believing it’s arriving directly from the site. To help prevent this, merchants should monitor their backend for IP address anomalies, time-stamp data transfers so that stale submissions can be rejected, and attempt to identify the device sending the data.
- Verify Call Center Representatives
Fraudsters contact a call center and use stolen personally identifying information to convince representatives they are the cardholder. They then change account credentials so they can gain access. To avoid this, merchants should use various device authentication methods and train call center employees to ask highly specific questions.
- Be Mindful of Account Purchase Value and Volume
Pay attention to the use of accounts with a longstanding history. A sudden spike in the amount of money spent, or in the frequency of purchases, could indicate fraudulent use. Merchant systems should be set up to flag a deviation from an account’s normal shopping pattern.
- Look for Bulk Changes to Account Information
Fraudsters need to change personal information on a taken-over account for a variety of reasons. The most common changes are to the name and shipping address, since these are necessary to receive stolen goods.
- Watch for Large Transfers of Rewards or Loyalty Points
Pay attention to customer accounts with a sudden interest in cashing in reward program points. This can take the form of a transfer, or of purchases that empty the account balance after a long-standing pattern of non-use.
- Know the Status of your Loyalty Program Benefit Account
Loyalty program fraud is when fraudsters target an account’s loyalty points balance. This is a common attack because points are not cash, so cardholders often overlook their vulnerability to theft. However, loyalty programs offer account holders value in the form of merchandise, services, upgrades, and other kinds of rewards. Frequent flyer and online gaming accounts are a very common fraudster target. In fact, there is an entire Loyalty Fraud Association dedicated to this single problem.
- Keep Control over your SIM Card
Cellphone carriers can move a phone number to a different SIM card. This opens the door for fraudsters to convince a carrier to switch a victim’s phone number to their own SIM card. Once they do, they can successfully answer SMS-based two-factor authentication requests for that number. After that, the sky is the limit for the number of ways they can access other personal accounts and information.
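The credential-stuffing item above recommends monitoring for rapid-fire credential entry. The following is an added example, not code from the original article, showing one way to do that: a sliding-window detector over constructed login log lines (the log format, IP addresses, usernames and thresholds are all assumptions) that flags a source trying many different accounts in a burst and lists the accounts that succeeded from it.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample login log (not from any real system): timestamp, source IP, username, outcome.
# 203.0.113.7 walks through many different accounts in seconds; 198.51.100.4 is one user retrying.
SAMPLE_LOG = """\
2024-03-01T10:00:00 203.0.113.7 alice FAIL
2024-03-01T10:00:01 203.0.113.7 bob FAIL
2024-03-01T10:00:01 203.0.113.7 carol FAIL
2024-03-01T10:00:02 203.0.113.7 dave FAIL
2024-03-01T10:00:02 203.0.113.7 erin OK
2024-03-01T10:00:03 203.0.113.7 frank FAIL
2024-03-01T10:05:00 198.51.100.4 alice FAIL
2024-03-01T10:07:30 198.51.100.4 alice OK
"""

def parse_line(line):
    ts, ip, user, outcome = line.split()
    return datetime.fromisoformat(ts), ip, user, outcome

def detect_credential_stuffing(log_text, window_seconds=60, max_attempts=5, min_distinct_users=3):
    """Flag a source IP when, inside a sliding window, it makes at least max_attempts
    logins spread over at least min_distinct_users accounts. Many accounts from one
    source in a burst is the stuffing signature; a single account retried is ordinary.
    Returns one alert per flagged IP, listing accounts that succeeded from it so those
    can be locked and their owners notified."""
    recent = defaultdict(deque)   # ip -> (ts, user, outcome) events inside the window
    alerts = {}                   # ip -> alert record, created once per IP
    for line in log_text.splitlines():
        ts, ip, user, outcome = parse_line(line)
        q = recent[ip]
        q.append((ts, user, outcome))
        while (ts - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        if ip in alerts:
            if outcome == "OK":
                alerts[ip]["compromised"].append(user)
            continue
        users = {u for _, u, _ in q}
        if len(q) >= max_attempts and len(users) >= min_distinct_users:
            alerts[ip] = {
                "ip": ip,
                "window_start": q[0][0].isoformat(),
                "attempts": len(q),
                "accounts_tried": len(users),
                "compromised": [u for _, u, o in q if o == "OK"],
            }
    return list(alerts.values())
```

Thresholds are deliberately separate: a high attempt count alone would also catch a single user mistyping a password, so the distinct-account requirement is what separates stuffing from ordinary retries.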
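The purchase value/volume and loyalty cash-out items above both describe deviation from a longstanding account’s own pattern. As an added example that is not part of the original article, the scorer below builds a baseline from a constructed order history (amounts, dates and all factors are assumptions) and flags new orders for an unusual amount, a burst of orders, or activity after a long period of non-use.

```python
from datetime import datetime

# Constructed order history for one longstanding account (not real data): (timestamp, amount in USD)
HISTORY = [
    ("2023-01-10T12:00:00", 42.00), ("2023-02-14T09:30:00", 55.50), ("2023-03-20T18:15:00", 38.25),
    ("2023-05-02T11:00:00", 61.00), ("2023-07-19T14:45:00", 47.80), ("2023-10-08T16:20:00", 52.10),
]
# Constructed incoming orders, in chronological order, to score against that baseline
NEW_ORDERS = [
    ("2024-04-20T10:00:00", 49.99),   # normal amount, but the account was idle for months
    ("2024-04-27T20:00:00", 899.00),  # sudden jump in order value
    ("2024-04-27T20:05:00", 120.00),
    ("2024-04-27T20:09:00", 75.00),   # third order inside a few minutes
]

def _ts(s):
    return datetime.fromisoformat(s)

def account_baseline(history):
    """Average order value and average days between orders over the account's own history."""
    times = sorted(_ts(t) for t, _ in history)
    gaps = [(b - a).total_seconds() / 86400 for a, b in zip(times, times[1:])]
    return {"avg_amount": sum(a for _, a in history) / len(history),
            "avg_gap_days": sum(gaps) / len(gaps)}

def score_orders(history, new_orders, value_factor=3.0, dormancy_factor=2.5,
                 window_hours=24, max_in_window=3):
    """Return (timestamp, amount, reasons) for each new order that deviates from the
    account's pattern. Reasons: 'dormant' when the gap since the previous order is more
    than dormancy_factor x the usual gap, 'value' when the amount is more than
    value_factor x the usual amount, 'velocity' when this is the max_in_window-th
    order inside window_hours. new_orders must be in chronological order."""
    base = account_baseline(history)
    seen = sorted((_ts(t), a) for t, a in history)
    flagged = []
    for t, amount in new_orders:
        when, reasons = _ts(t), []
        if (when - seen[-1][0]).total_seconds() / 86400 > dormancy_factor * base["avg_gap_days"]:
            reasons.append("dormant")
        if amount > value_factor * base["avg_amount"]:
            reasons.append("value")
        seen.append((when, amount))
        in_window = [x for x, _ in seen if 0 <= (when - x).total_seconds() <= window_hours * 3600]
        if len(in_window) >= max_in_window:
            reasons.append("velocity")
        if reasons:
            flagged.append((t, amount, reasons))
    return flagged
```

The same three checks apply to a loyalty balance by scoring point redemptions instead of dollar amounts; a flagged order is a candidate for step-up verification rather than an automatic decline.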
Fraud Detection is Only the Start
The tactics fraudsters use to execute these kinds of attacks vary. However, they are all variations on one theme: profiting from unauthorized access to an online account, and that access can be prevented. In fact, it’s easier than you think to implement the best practices to stop account takeover fraud.
Nevertheless, fraud methodologies constantly change. Because what works today may be insufficient to face tomorrow’s threats, individuals and merchants alike should keep up to date on the latest trends in fraudster attacks.
Fortunately, there are a number of individual and eCommerce fraud prevention solutions to help. To learn more about how to protect yourself against account takeovers, chargebacks, and all the other kinds of fraud you’re up against, check out our business directory.