Account Takeover Fraud | ATO Fraud

ATO Fraud, or Account Takeover Fraud, is a form of identity theft in which a criminal gains control of a consumer’s account. In doing so, the perpetrator gains access to confidential information such as the consumer’s PIN, enabling them to change account settings, such as the statement mailing address or passwords, and/or to make unauthorized withdrawals. ATO can involve one or many of a victim’s accounts (including, but not limited to, bank, brokerage, phone, utility, social media, travel or online shopping accounts), which are then used for a variety of unlawful activities.

Financial account takeover usually involves funds being removed from the victim’s accounts through direct debits, payments or transfers set up for fraud without the victim’s knowledge or consent. With account takeover of mobile phones, the perpetrator’s intent is often to gain control of the phone-based security authentication factor, usually a code or security token sent via SMS or authentication software to the phone. Once acquired by the criminal, it can grant him/her access to the victim’s bank, brokerage, bitcoin and other financial accounts.

The credentials used to commit account takeover are usually obtained by criminals indirectly through data breach marketplaces on the dark web, or directly from the consumer using malware or phishing. Once a fraudster gains access to a victim’s account, they often update the account credentials and contact information so that the victim no longer has control over the account and is no longer informed about changes to it. In most cases, the victims are unaware that their account has been compromised until the damage is done and the perpetrators have covered their tracks.
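The sequence described above (credentials or contact details changed, then funds leaving the account) can be correlated in account activity logs. The following detection sketch is an added example, not part of the original page; the event type names, the 24-hour look-back window and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Event type names are assumptions for this example, not a real product's schema.
CREDENTIAL_CHANGES = {"password_change", "pin_change"}
CONTACT_CHANGES = {"mailing_address_change", "email_change", "phone_change"}
FUNDS_OUT = {"withdrawal", "transfer", "direct_debit_setup"}


def flag_takeover_pattern(events, window=timedelta(hours=24)):
    """Return findings for accounts where funds leave shortly after profile changes.

    Each finding is (account, severity, funds_event_time). Severity is "high"
    when both a credential change and a contact change fall inside the window
    before the funds movement, "medium" when only one kind does.
    """
    recent = defaultdict(list)  # account -> [(time, type)] of profile changes
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        acct, kind = ev["account"], ev["type"]
        if kind in CREDENTIAL_CHANGES | CONTACT_CHANGES:
            recent[acct].append((ts, kind))
        elif kind in FUNDS_OUT:
            # Consider only profile changes still inside the look-back window.
            kinds = {k for t, k in recent[acct] if ts - t <= window}
            cred = bool(kinds & CREDENTIAL_CHANGES)
            contact = bool(kinds & CONTACT_CHANGES)
            if cred or contact:
                findings.append((acct, "high" if cred and contact else "medium", ev["ts"]))
    return findings


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    {"account": "A-100", "ts": "2024-03-01T09:00:00", "type": "login"},
    {"account": "A-100", "ts": "2024-03-01T09:02:00", "type": "password_change"},
    {"account": "A-100", "ts": "2024-03-01T09:03:00", "type": "mailing_address_change"},
    {"account": "A-100", "ts": "2024-03-01T09:10:00", "type": "transfer"},
    {"account": "B-200", "ts": "2024-03-01T10:00:00", "type": "email_change"},
    {"account": "B-200", "ts": "2024-03-04T10:00:00", "type": "withdrawal"},
    {"account": "C-300", "ts": "2024-03-02T08:00:00", "type": "pin_change"},
    {"account": "C-300", "ts": "2024-03-02T20:00:00", "type": "withdrawal"},
]

if __name__ == "__main__":
    for finding in flag_takeover_pattern(SAMPLE_EVENTS):
        print(finding)
```

A finding is a lead for review rather than proof of fraud, since legitimate customers also change details and move money; the window and severity rules would need tuning against real account activity.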