- SVB pays close attention to the shifting fraud landscape, and when we see new trends emerging we share the information with our clients. One of those trends is the rise of account takeover attacks.
- An account takeover occurs when a cyberthief gains credentials to an individual’s most sensitive online accounts.
- It is vital that you take precautions to safeguard online accounts that go beyond simply using strong passwords and firewalls.
When it comes to fraud protection strategies, companies can’t take a “set it and forget it” approach. Fraud trends and tactics are constantly shifting and evolving in response to changes in the world. In response to new ways of combatting frauds such as business email compromise or phishing scams, fraudsters come up with even more sophisticated and hard-to-detect ways to target and exploit victims.
SVB pays close attention to the shifting fraud landscape, and when we see new trends emerging we share the information with our clients. One of those trends is the rise of account takeover attacks. Here’s what you need to know to identify and protect against these types of scams.
What are account takeover attacks?
An account takeover occurs when a cyberthief gains credentials to an individual’s most sensitive online accounts. These thieves may target an individual’s personal bank account and effectively empty it, leaving the account-holder with zero balance—and potentially no way to recoup their money.
While some online scams are built on brute force—say, using powerful algorithms to crack a password—account takeovers require patience and sophistication on the part of the cyberthief. The criminals aim to learn passwords and login credentials through nuanced means such as:
Phishing (click here to learn more about phishing and other scams)
Placing malware on a user’s device in order to monitor their keystrokes to learn their user ID and password
Impersonating bank employees and asking customers for their passwords, PINs or one-time passcodes. (SVB will never ask for this information.)
Banks across the United States, Canada and Europe are experiencing higher rates of account takeover attacks. Across the country, bank customers are being targeted more frequently and with more powerful tactics. By some measures, account takeover attacks steal nearly 30,000 credentials every minute.1
What can you do?
Take precautions to safeguard online accounts. Those precautions go beyond strong passwords and firewalls: Account holders must watch carefully for unsolicited requests for personal information such as passwords, responses to security questions or one-time passcodes.
Customers can use the following tips to keep themselves out of reach of account takeover attacks:
Don’t respond to unsolicited requests for account or personal information, such as user IDs, passwords, challenge questions or one-time passwords
Be wary of clicking on links in emails or online advertisements
Pay attention to any unexpected alerts about failed login attempts or new devices being added to online accounts
Use anti-malware software such as Trusteer Rapport, available at no cost to all SVB clients
Enable account notifications that cover balance and transaction thresholds, password changes, and any additions or modifications to the user profile
Require dual administration controls in online banking
Set transaction limits and require a secondary approval for payments
Additional Fraud Prevention Reminders
Keep personal and business information protected and secure with strong, unique passwords
Continuously monitor accounts for unusual activity
1 Source: NuData Security/Mastercard, “Account Takeover: Chronology of an Attack.” [https://nudatasecurity.com/resources/infographics/account-takeover-infographic/]
SVB Perspectives provide a unique vantage point on the industries and issues forging innovation.
More on this topic
Editor's Top Picks
Defend Your Company from Business Email Compromise (BEC)
Fraudsters are using increasingly sophisticated strategies to scam companies via email. Here's how you can protect against this dangerous—and pervasive—threat.
Silicon Valley Bank offers fraud prevention services and tools, including Trusteer Rapport, to help you mitigate your risk of fraud. Learn more. Learn more