ATO, or Account Takeover, is a type of attack plaguing US businesses for years. ATO fraud cost US businesses $25.6 billion in 2020—a 500% increase from 2017. 

ATO attacks can target any organization with online accounts, but some businesses are more frequently targeted than others. Financial institutions, e-commerce retailers, social media platforms, and government agencies are at high risk for ATO fraud. ATO increased nearly 300% year over year for online merchants and rose over 70% for financial institutions in the same period. 

No matter what industry you are in, ATO fraud is a risk for which it pays to be prepared. There are a few simple steps and best practices to take to protect your business from ATO fraud and reduce the risk of an ATO attack on your employees or your customers. 

What is ATO fraud?

Account Takeover Fraud, or ATO fraud, is a type of identity theft in which a criminal gains control over a consumer’s account. By doing so, the perpetrator obtains access to sensitive information related to the account, such as the consumer’s PIN. This information enables the criminal to modify account settings such as the mailing address for statements, username, and password. It also allows the fraudster to perform unauthorized withdrawals.

ATO fraud can encompass one or more accounts belonging to the victim, which may include 

  • bank accounts;
  • email addresses;
  • brokerage accounts;
  • phone and utility services;
  • social media platforms;
  • travel accounts;
  • or online shopping accounts. 

These compromised accounts can then be exploited for various illicit activities using the victim’s personal information. In cases of financial account takeover, the perpetrator typically withdraws funds from the victim’s accounts through direct debits, fraudulent payments, or transfers without the victim’s knowledge or consent.

What is an account takeover attack? 

An account takeover attack takes place when an unauthorized person acquires login credentials or exploits security vulnerabilities to gain access to an account belonging to an individual or an organization.

For instance, in a mobile phone account takeover attack, the perpetrator’s intent is to gain control of the phone-based security authentication factor. This is usually done through a login attempt, which is usually a code or security token sent via SMS or authentication software to the phone. Once it is acquired by the criminal, the code can grant him/her access to the victim’s financial institution, brokerage, cryptocurrency, and other financial accounts.

Typically, criminals acquire the necessary credentials to carry out an account takeover through two primary channels: data breach marketplaces found on the dark web, or directly from consumers using malware or phishing techniques. Upon successfully gaining access to a victim’s account, the fraudster will change the account credentials and contact details, effectively seizing control of the account while ensuring that the victim remains unaware of any changes made to it. 

Unfortunately, in most instances, victims are unaware of the compromise until after the damage has been inflicted and the perpetrators have taken steps to conceal their actions.

What are the common types of ATO attacks and methods? 

There are many types of ATO attacks, which is one of the reasons why ATO fraud is so prevalent. Some of the most common forms of ATO fraud involve the following methods. 


In a phishing attack, the attacker sends an email or text message that appears to be from a legitimate source, such as a bank or online retailer. The email or text message contains a link or attachment that, when clicked on, installs malware on the victim’s computer or steals their login credentials.

Credential stuffing

A credential stuffing attack uses a list of stolen login credentials to try to gain access to accounts. The attacker will try to use the stolen credentials to log in to a variety of different websites and services. If the attacker is able to successfully log in to an account, they can then use the account for malicious purposes, such as stealing money or personal information.

Brute force attacks

Similarly, a brute force attack systematically tries different combinations of usernames and passwords until the attacker discovers the correct credential. Brute force attacks can be automated, which means that the attacker can try a large number of passwords very quickly.

Attackers also take advantage of social engineering and data breaches to gain access to user credentials. Social engineering attacks are used to trick unsuspecting users into revealing their login and password. For instance, the criminal will call their victim pretending to be the IRS and convince them to report their personal information over the phone. 

Likewise, when a data breach occurs, attackers can gain access to a large number of login credentials, which they can then use to carry out ATO attacks.

How can companies prevent ATO fraud? 

There are many ways criminals can exploit your customers’ credentials. Fortunately, you can mitigate the risk of ATO fraud with the right methods and technologies.

First and foremost, all businesses should require their employees (and customers, if applicable) to use strong passwords and update them regularly. A strong password is at least 12 characters long and should include a mix of upper and lowercase letters, numbers, and symbols. Layering on multi-factor authentication and requesting users to enter a code in addition to their password is another best practice. 

In addition, employees should receive training to spot phishing and social engineering attempts. Remind your team regularly not to click on links or open attachments in emails or text messages from unknown senders.

How can help?

The second piece of the puzzle to reduce the risk of ATO fraud is implementing the right technology. Business owners can combat ATO fraud with a combination of machine learning, anomaly detection, and behavioral analyses to detect high-risk sessions on your site and help prevent fraudulent logins. offers a unified solution against account takeover using the industry’s leading cloud-based “glass-box” system.’s suite of tools includes: 

  • Consortium data. We partner with payment processors, data organizations, and merchants to share anonymous data about fraudulent transactions and users in their systems. This enables us to flag those transactions before they even take place.
  • Deep learning. Our solution features machine learning that zeroes in on anomaly detection. It also factors in the location of the login. Our deep learning models detect the sometimes subtle patterns of fraud and use behavioral analysis to flag high-risk sessions.
  • Entity analysis. Criminals rarely act alone. Often, they share techniques and stolen data with other criminals. Analyzing relationships between bad pieces of data and fraudsters can differentiate between a single fraud attempt and a full-on attack.’s AppStore offers an easy way to integrate best-in-class data and technology solutions. Analysts can get a clear picture of suspicious activity on a single screen: integrates data sources from device fingerprinting to customer ID information to social media activity into a single view. This level of access empowers your team to put a halt to cybercriminals’ credential stuffing, brute force attacks, and other methods in trying to gain access to your customer’s accounts. 

[Read more in our eBook:  8 Actions to Reduce Account Takeover Fraud]  

To learn more about’s solutions, sign up for a demo today.