Account Takeover Tactics

"Why did you just message me on Facebook saying you're in a mess and need a favour?" asked my friend from across the room.

Panic rose immediately. I hadn't messaged her. I rushed to grab my phone, to see an old friend I hadn't spoken to in years calling me, along with around 20 new text messages and 10 missed calls from what seemed like almost everyone I knew.

It hit me - I had been hacked. Someone had taken over my Facebook account and was messaging my contacts, pretending to be me and asking for money to pay bills. 


This is an example of account takeover fraud. In 2023, it resulted in nearly $13 billion in losses. It's a form of identity theft where fraudsters hijack an online account to steal funds or sensitive information. Its effects reach far beyond the financial loss: it also leaves victims feeling violated, vulnerable, embarrassed, and mistrustful of online platforms.

With 73% of consumers believing the brand is accountable for account takeover attacks, this article examines why account takeover is so dangerous and how you can detect this malicious activity on your platform using behavioral analytics technology.

How does account takeover fraud work?

Account takeover fraud typically begins with fraudsters obtaining a user's login credentials through methods such as phishing, data breaches, and credential stuffing. Once they gain access, they use various techniques to extract funds or sensitive information. They often change account settings, like email addresses and phone numbers, to lock out the legitimate owner and avoid detection.

AI is making it even easier for these cybercriminals. Generative AI tools, such as ChatGPT, can be used to craft convincing phishing messages that mimic legitimate communications with linguistic fluency. AI-driven chatbots can now engage with customer service to manipulate account settings or bypass security questions. And AI can analyze large volumes of stolen data to find valuable login information more quickly and efficiently.

Once the hacker has gained access, they often employ the following tactics to extract money:

  • Impersonation: Like the example above, hackers might impersonate the account holder, reaching out to friends, family, or colleagues for urgent financial assistance, often creating believable stories about emergencies.
  • Internal transfers: On financial platforms, they might transfer money to mule accounts, which are set up specifically to receive and then funnel the stolen money away.
  • Purchases and reselling: Hackers may make unauthorized purchases, often of easily re-sellable goods, converting stolen funds into tangible assets.
  • Subscription services: They may sign up for subscription services using the stolen account, benefiting from the account holder’s funds without immediate detection.

Platforms most at risk include social media sites, online banking, e-commerce platforms, and any service that involves financial transactions or sensitive personal data. By understanding these sophisticated methods, online platforms can better implement robust defence measures to protect against account takeover fraud.

Why should account takeover fraud be taken seriously?

  • Legal requirements: Online platforms have a legal duty to protect user data under regulations like GDPR and CCPA. These laws mandate stringent data protection measures and require platforms to proactively prevent security breaches, including account takeovers. Failure to comply can result in hefty fines and legal consequences. 
  • User trust: Users lose trust in a platform's ability to protect their data if their accounts are compromised. This can lead to a decline in user engagement and customer retention, as well as long-term damage to the platform’s reputation. Negative publicity can deter potential new users and drive existing customers to competitors.
  • Losses: Victims of account takeover fraud may suffer direct financial losses through unauthorized transactions. On gaming sites, they could lose valuable badges or high scores. For airlines, it could mean the loss of accumulated air-miles, while on other platforms, loyalty points could be wiped out. These significant and often irrecoverable losses can lead to users leaving the platform due to frustration.
  • Psychological impact: Victims often feel vulnerable and violated knowing that a stranger has accessed their personal messages, financial information, and private details. This invasion of privacy can lead to anxiety, stress, and a pervasive mistrust of online platforms, which can be long-lasting. They may also feel embarrassed about falling for the scam or not being more cautious with their passwords.
  • Broader implications: Compromised accounts can be used to perpetrate further fraud, affecting other users and amplifying the damage. The costs associated with mitigating these attacks, including customer support, remediation efforts, and potential legal fees, can be substantial.

Protect your platform with account takeover detection 

When my social media account was hacked, it took me nearly an hour to report the incident and regain access. By then, it was too late - one of my kind friends had sent money to a bank account set up by the hacker in my name. Despite reporting this to the bank and the police, the money was sadly never recovered.

Desperate to find the culprit, I donned my investigative hat to discover that the hacker was using a completely new IP address. This and the unusually high amount of activity were clear behavioral anomalies for my account.

For platforms using fraud detection solutions, this is where Themis's behavioural technology excels. Our continuous monitoring quickly detects these suspicious behavioral signals that indicate fraudulent behavior, such as:

  • Unusual activity spikes: Sudden increases in messaging or transaction activity.
  • New geolocation: Logins from unfamiliar IP addresses or geographic locations.
  • Repeated text patterns: The use of the same text being copied and pasted across multiple messages.
  • Network: Checking if the behavior matches anyone in our repository of bad actors across multiple platforms.

By identifying these anomalies, Themis can quickly alert online platforms to potential account takeovers, enabling them to take swift action to prevent further damage. 
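To make the first three signals above concrete, here is an added example (not Themis's code or method) that checks one account's recent events against its own history for a new source IP, an activity spike, and the same text sent to many recipients. The event fields, thresholds, and sample data are assumptions constructed for illustration; the cross-platform network signal is not modelled.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

SPIKE_FACTOR = 5   # assumed threshold: window volume vs. busiest historical hour
MIN_REPEATS = 3    # assumed threshold: same text sent to this many recipients

def normalize(text):
    """Lowercase and collapse whitespace so trivially edited copies compare equal."""
    return re.sub(r"\s+", " ", text.lower()).strip()

def busiest_hour(events):
    """Largest number of events that fall in any single clock hour."""
    hours = Counter(e["ts"].replace(minute=0, second=0, microsecond=0) for e in events)
    return max(hours.values(), default=0)

def takeover_signals(history, window):
    """Return the anomaly names raised by a one-hour `window` against `history`."""
    signals = set()
    known_ips = {e["ip"] for e in history}
    if any(e["ip"] not in known_ips for e in window):
        signals.add("new_ip")
    if len(window) >= SPIKE_FACTOR * max(busiest_hour(history), 1):
        signals.add("activity_spike")
    # Group recipients by normalized message body to spot copy-pasted text.
    recipients = {}
    for e in window:
        recipients.setdefault(normalize(e["text"]), set()).add(e["to"])
    if any(len(r) >= MIN_REPEATS for r in recipients.values()):
        signals.add("repeated_text")
    return signals

# Constructed sample data (documentation-range IPs, invented recipients).
T0 = datetime(2024, 1, 10, 9, 0)
HISTORY = [{"ts": T0 + timedelta(hours=7 * i), "ip": "203.0.113.7",
            "to": f"friend{i % 3}", "text": f"see you at {i}?"} for i in range(12)]
NOW = T0 + timedelta(days=5)
HIJACKED = [{"ts": NOW + timedelta(minutes=i), "ip": "198.51.100.23",
             "to": f"contact{i}", "text": "I'm in a mess,  need a favour"}
            for i in range(8)]
NORMAL = [{"ts": NOW, "ip": "203.0.113.7", "to": "friend1", "text": "running late"}]

if __name__ == "__main__":
    print(sorted(takeover_signals(HISTORY, HIJACKED)))
    print(sorted(takeover_signals(HISTORY, NORMAL)))
```

Any single signal can fire for a legitimate user (travel, a busy day, a party invitation), so a platform would normally act on combinations, for example by requiring re-authentication before further messages or transfers go out.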


With advancements in AI, staying one step ahead of the fraudsters is more important than ever. Not only will this offer peace of mind for your users, but it will maintain the reputation of your platform.
