Last year, 24 million households in the United States were affected by account takeover scams. Victims of these scams lost $12,000 on average. Right now, scammers are targeting financial institutions, cloning their websites, and tricking users into forfeiting their login credentials. Read on to learn how account takeover scams happen, the reason behind the sudden increase, and how SECU is protecting our members.
What is account takeover fraud?
Account takeover (ATO) is a form of identity theft, in which scammers gain access to your accounts using stolen login credentials.
They may attempt to gain access to:
- Social media accounts
- Email accounts
- Government benefits
- Cell phone carriers
- Online financial institutions
- E-commerce accounts
In the past, scammers primarily targeted social media accounts. However, their tactics are evolving rapidly. Scammers are now using ads on search engines like Google to take advantage of unsuspecting people.
Fake websites allow scammers to mimic trustworthy sites like secumd.org. These fake sites are then advertised on search engines, ensuring they appear at the top of the results. Because ads appear first, these fake sites often appear above even official company websites. Unsuspecting users click on the ad, assuming it’s the website they’re looking for.
When they land on the website, it looks like the real thing. Unfortunately, entering login credentials on a fake website gives scammers exactly what they need to commandeer your account.
Once they have your information, they may attempt to log in to other accounts with that information. They might even change your login credentials to ensure you can’t kick them out of your account. From there, they can gain access to other accounts, order new cards, or even steal your identity.
What other methods are used in account takeover scams?
Although recent ATO incidents stem from fake websites, there are other methods scammers may use to gain access to your accounts. Here are two of the most common tactics you need to know about.
Scammers contact you by email, text, or phone, claiming to be from a company you do business with. They may say a payment was declined or an order couldn’t be delivered to your address. To resolve the issue, you need to log in to your account and update your information. Often, they’ll direct you to click on a link that allows them to gain access to your information. Learn more about how to protect yourself from phishing scams.
If you’ve suddenly noticed that a user you follow on social media is promoting an investment opportunity, that could be a sign their account has been taken over. They might even show up in your direct messages with an offer. Take them up on the opportunity, and they’ll attempt to gain access to your account in order to keep the scam going on your followers.
How can you protect yourself from account takeover scams?
Stay informed. If you know these scams are happening, you know what to look for. At SECU, we stay on top of the latest scams, so you don’t have to. Ensure you’re subscribed to our mailing list and follow us on Facebook, Instagram, or LinkedIn.
Bookmark important sites. Don’t get tricked by fake websites and misleading ads. Check the URL of the website you’re using, and bookmark pages you frequently visit like your bank and credit card carrier.
Protect your login credentials. Be careful who you share your login information with. Never give out your login credentials by phone, email or text, unless you’ve verified the person requesting access to your account is legitimate.
Use strong passwords. Don’t repeat passwords. Using the same password across all your accounts makes it easy for scammers to gain access to your accounts. Instead, consider using a secure password manager to ensure you can use a unique, strong password on your accounts.
Activate multi-factor authentication. Multi-factor authentication adds another layer of security to your accounts. Our online and mobile banking tools both allow you to set up multi-factor authentication. Choose whether to answer a security question or receive a one-time passcode. Even if your login credentials are stolen, a multi-factor authentication process can keep your account safe.
Monitor your accounts. Regularly check your credit report and financial statements for suspicious activity. Also, keep an eye on your inbox for password update notifications. We automatically send real-time alerts if your address, email, phone number, username, or password is changed. This allows you to monitor accounts and react quickly to unauthorized activity. These can alert you to ATO attempts. If you notice suspicious activity, contact your provider right away.
Use the SECU app. The SECU mobile app has biometric login tools that prevent other people from accessing your account. Log in with your unique fingerprint or Face ID on your Apple device. Our app keeps your information safe. Download the SECU app now on the App Store or Google Play.
What is SECU doing about account takeover scams?
Your safety and security is our top priority. In addition to taking action to inform our members about a rise in scams, we’re also taking steps to enhance your protection. We’re working with our partners to reduce your likelihood of encountering fake websites. We’re also working round the clock to monitor member accounts for suspicious activity. If you see something, say something. Call 800-879-7328 if your account has been compromised, or you receive a suspicious email, call, or text regarding your SECU account.