Cybercriminals and Account Takeovers

One of the most important parts of managing your company’s website is keeping your users’ information safe. Part of this is making sure unauthorized people don’t have access to user accounts which can include personal information and access to their earnings and banking information. Cybercriminals are an inventive bunch that makes use of various methods of acquiring access to user accounts and here are some of the more common ones.

How Cybercriminals Gain Access To User Accounts

• Data Breaches: a common topic in the media is the various data breaches that have occurred in recent years that have affected large store chains and credit bureaus. These data breaches often contain user logins and personal information cybercriminals can use to access user accounts. These breaches vary in the amount of damage they can do depending on what was accessed, what was stored, and how it was stored (plain text versus encryption). 
• Social Engineering: a lot of cybercriminals obtain user login information by simply asking users for it. Social engineering (or phishing) occurs when cybercriminals pose as a company representative and ask for important account information so they can gain access. In many cases, customers are completely unaware they have been ‘hacked’. Very official looking (or sounding) emails and phone calls are a common social engineering format.  
• Account Takeover: finally, account takeovers can be one of the hardest types of illegal access methods to detect and can happen to your company even if your information has never been breached. Account takeovers often occur as a result of data breaches at other companies that result in user login information being leaked. Where this becomes a problem for your company is in cases where account holders have reused common username and password combinations.    

Account takeovers are one of the more creative ways cybercriminals access accounts and such attacks are often focused on websites where users make money or carry an account balance. If your business is a platform that users make use of sale purposes, you could be a target for account takeovers and an added layer of security can increase user safety.   

Preventing Corporate Account Takeover

Now, you’re likely asking if a criminal is simply logging into the account like a normal user how does account takeover protection help prevent such break-ins? The key isn’t detecting logins it’s detecting if the login information has been leaked or made public before. Account takeovers work on the concept that people tend to reuse login information due to convenience or sheer laziness. Once one website has been breached the collected logins may work on any number of other websites depending on a user’s habits.  

Such hacks are public knowledge and the associated user login information lists are shared through various anonymous dark web-based sites and chat rooms. To simplify when you have account takeover prevention services in place when a user login in their login credentials are cross-checked with a list to see if that information has been leaked before in other data breaches. If there’s a match the takeover prevention software forces the user to update their login credentials via an email sent to their profile’s associated email address. Because this account reset requires access to a user’s email address this adds another layer of safety as email addresses often make use of two-factor identification.

The simple fact is people reuse passwords and a completely unrelated site being breached can put your users in danger. Something as simple as forcing a password reset into something they haven’t used before can greatly increase user safety and prevent account takeovers.

Final Thoughts

Cybercrime isn’t going anywhere unfortunately and various types of hacks and information theft are a danger you have to be prepared for. Prevention of account takeovers helps protect your users from various data breaches that you have no direct control over. In addition to this having such safety measures in place has the added bonus of reducing password reuse.