Account Takeover
What is account takeover (ATO)?
Account takeover (ATO) is when a hacker successfully takes ownership of one or more online accounts. This form of fraud is often carried out using stolen login credentials. Hackers can obtain login credentials in a number of ways. They might launch a brute force attack that churns through a multitude of password combinations in hopes of guessing the right one. They also carry out phishing or spear phishing attacks to fool an individual into handing over their login credentials. Botnets are also used to carry out high-volume login attempts using common usernames and passwords without being detected.
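The difference between a brute force attack and botnet-driven guessing shows up in failed-login logs, as this added detection sketch illustrates (it is not code from the original page). The event format, window length, thresholds, and all sample events are assumptions constructed for the example.

```python
from collections import Counter, defaultdict

WINDOW_S = 300          # tumbling window length in seconds (assumed)
T0 = 1_700_000_100      # constructed epoch start, aligned to a window boundary

# Constructed sample events: (epoch_seconds, source_ip, username, success)
SAMPLE_EVENTS = (
    # Brute force: one source hammering one account
    [(T0 + i, "198.51.100.7", "alice", False) for i in range(12)]
    # Botnet: 20 sources, 2 attempts each, every attempt a different username
    + [(T0 + 60 + i, f"203.0.113.{i % 20 + 1}", f"user{i}", False) for i in range(40)]
    # Legitimate user: one typo, then a successful login
    + [(T0 + 30, "192.0.2.10", "bob", False), (T0 + 35, "192.0.2.10", "bob", True)]
)

def detect(events, per_key_limit=10, spread_fails=30, spread_sources=10):
    """Return a sorted list of (kind, subject) alerts over tumbling windows.
    All thresholds are illustrative assumptions, not recommended values."""
    by_ip, by_user = Counter(), Counter()
    for ts, ip, user, ok in events:
        if ok:
            continue                      # only failed logins are counted
        w = ts // WINDOW_S
        by_ip[(w, ip)] += 1
        by_user[(w, user)] += 1
    alerts = set()
    # Classic thresholds: one noisy source, or one account under attack
    alerts |= {("noisy_source", ip) for (w, ip), n in by_ip.items() if n >= per_key_limit}
    alerts |= {("brute_force", u) for (w, u), n in by_user.items() if n >= per_key_limit}
    # Aggregate view: many sources that each stay under the per-source limit
    quiet = defaultdict(lambda: [0, 0])   # window -> [sources, failures]
    for (w, ip), n in by_ip.items():
        if n < per_key_limit:
            quiet[w][0] += 1
            quiet[w][1] += n
    for w, (sources, fails) in quiet.items():
        if sources >= spread_sources and fails >= spread_fails:
            alerts.add(("distributed_guessing", f"{sources} low-volume sources"))
    return sorted(alerts)

if __name__ == "__main__":
    for kind, subject in detect(SAMPLE_EVENTS):
        print(kind, subject)
```

Run on the botnet events alone, the per-source and per-account thresholds raise nothing; only the aggregate check fires, which is why low-volume distributed attempts go unnoticed when monitoring looks at one IP or one account at a time.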
Email security refers to the standards, best practices, and technologies used to protect personal and corporate email accounts and communications. While consumers typically rely on Internet service providers to provide their email security, small-to-midsized businesses and enterprises typically manage it in-house.
Email has been a popular target for cybercriminals since its inception due to the relative ease of creating and launching email attacks. As the popularity of email has increased, so too have attacks. Today, email is the #1 attack vector, making email protection critical to the health, reputations, and futures of businesses and organizations.
Consequences of account takeover
Account takeover fraud can result in compromised personal information, identity theft, and large-scale data breaches. When left unchecked, account takeover fraud can damage consumer trust, derail business objectives, diminish your security posture, and expose sensitive company data that could result in severe financial losses.
Sporting goods retailer Decathlon had more than 123 million accounts and over 9GB of data exposed in February 2020. The business was able to prevent further damage less than 24 hours after being notified of the breach, but by then the damage had already been done.