Jan 07, 2025

Account Takeover Threatens Financial Institutions

Account takeover, or the unauthorized takeover of an account, is a cybercrime that threatens the security of user data in financial institutions. Here’s a complete explanation.

Technology in the financial sector continues to evolve to meet user needs. However, this progress is accompanied by lurking cybercrimes, one of which is account takeover.

Account takeover is a serious attack that not only threatens individuals' personal data but also compromises the integrity and reputation of financial institutions. Globally, account takeover cases increased by 150% in 2024 compared to the previous year. In Indonesia, 97% of businesses have experienced account takeover attempts, with 76% of these attempts involving unauthorized transactions.

Institutions or companies that fall victim to account takeover are often seen as incapable of safeguarding user data. Therefore, it is crucial for financial institutions to understand the dangers of account takeover.

This article will discuss the definition of account takeover, methods used by attackers, its impact on the banking sector, and preventive measures.

What is Account Takeover?

Account takeover is one of the most dangerous forms of cybercrime faced in digital transactions today. It refers to a cyberattack in which perpetrators gain unauthorized access to an individual's or organization's online account. Once the account is compromised, the attacker can engage in various illegal activities, such as unauthorized financial transactions, data theft, or service abuse.

Common methods used in account takeover include phishing, spoofing, and malware, all of which aim to gain account access.

Methods of Account Takeover

1. Phishing

Phishing is one of the most common account takeover methods, used by hackers to steal victims' login information. Attackers send emails, SMS, or other messages that appear to come from trusted sources, such as banks, technology companies, or official institutions.

These phishing messages typically include fake links resembling legitimate websites. When victims click the link, they are redirected to a fake site that asks for login credentials, such as usernames, passwords, or credit card numbers. Once the data is submitted, attackers can immediately use it to access the victim's account. In Indonesia, over 97,000 phishing attempts were recorded in 2023, most involving stolen passwords.

2. Credential Stuffing

Credential stuffing involves attackers using username and password combinations from previous data breaches to try logging into other accounts. This method assumes that many users reuse the same credentials across platforms.

Attackers access leaked login data, often sold on the dark web, and use automated tools to try those credentials on various websites or services. If successful, they gain access to the victim's accounts. Credential stuffing is particularly damaging for platforms without multi-factor authentication (MFA), as these attacks can succeed in under an hour.
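
An added example (not from the original article or from VIDA) of how this attack looks in login logs from the defender's side: one source address trying many different usernames in a short window, with most attempts failing. The log format, the thresholds, and all IP addresses and usernames are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own login telemetry.
WINDOW = timedelta(minutes=5)  # sliding window per source IP
MIN_USERS = 8                  # distinct usernames tried in the window
MIN_FAIL_RATIO = 0.8           # leaked lists mostly miss, so failures dominate

def parse(lines):
    """Yield (time, ip, user, ok) from 'ISO-time ip user OK|FAIL' lines."""
    for line in lines:
        try:
            ts, ip, user, result = line.split()
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # wrong field count or unparseable timestamp
        if result in ("OK", "FAIL"):
            yield when, ip, user.lower(), result == "OK"

def detect_stuffing(lines):
    """Return {ip: usernames that logged in OK inside a flagged window}."""
    by_ip = defaultdict(list)
    for event in sorted(parse(lines)):
        by_ip[event[1]].append(event)
    flagged = {}
    for ip, events in by_ip.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            window = events[start:end + 1]
            users = {user for _, _, user, _ in window}
            fails = sum(1 for *_, ok in window if not ok)
            if len(users) >= MIN_USERS and fails / len(window) >= MIN_FAIL_RATIO:
                hits = {user for _, _, user, ok in window if ok}
                flagged.setdefault(ip, set()).update(hits)
    return {ip: sorted(users) for ip, users in flagged.items()}

# Constructed sample: 203.0.113.7 tries 10 usernames in 20 s and one works;
# 198.51.100.4 is a single customer mistyping a password twice.
SAMPLE = [f"2025-01-07T10:00:{2 * i:02d} 203.0.113.7 user{i} "
          f"{'OK' if i == 6 else 'FAIL'}" for i in range(10)]
SAMPLE += ["2025-01-07T10:01:00 198.51.100.4 dewi FAIL",
           "2025-01-07T10:01:20 198.51.100.4 dewi FAIL",
           "2025-01-07T10:01:45 198.51.100.4 dewi OK"]

if __name__ == "__main__":
    for ip, hits in detect_stuffing(SAMPLE).items():
        print(f"{ip}: stuffing suspected, review successful logins: {hits}")
```

The usernames returned for a flagged address are the accounts to review first, for example with a forced password reset or a step-up MFA challenge.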

3. Social Engineering

Social engineering manipulates victims psychologically to extract sensitive information. Attackers often pose as official representatives, such as bank officers, to build trust and trick victims into providing critical details.

In account takeover, attackers may contact victims via phone, email, or social media, pretending to represent a trusted institution. They create a sense of urgency, for example, claiming that the victim's account will be blocked unless immediately verified. Panicked victims are more likely to share login credentials or other sensitive information.

4. Malware

Malware is malicious software designed to steal personal information, including account login details. Malware can be embedded in downloaded files, accessed links, or connected devices.

Types of malware used in account takeover:

  • Keylogger: Records every keystroke, including usernames and passwords.
  • Spyware: Monitors victim activity and collects data like login credentials or financial information.
  • Trojan Horse: Disguises itself as legitimate software to steal user data.

Once the malware infects a device, it can steal sensitive information stored in browsers or devices, which attackers then use to take over accounts.

5. Spoofing

Spoofing involves attackers faking their identity to deceive victims. In account takeover, spoofing often includes creating fake emails, phone numbers, or websites that appear to belong to legitimate institutions.

Examples include email spoofing, caller ID spoofing, and face spoofing. Recently, face spoofing has gained attention due to the rise of deepfake technology, which can mimic someone's face.

The Dangers of Account Takeover for Financial Institutions

  1. Theft of Personal Information: Account takeover leads to the theft of sensitive personal information, including credentials and confidential data such as ID numbers, full names, and phone numbers. These details can be used for crimes like applying for loans using the victim’s identity.

  2. Financial Loss: Account takeover often results in unauthorized withdrawals, illegal transactions, and fraudulent access to credit or loans. Financial institutions must compensate victims, adding to their losses.

  3. Reputational Damage and Loss of Customer Trust: Trust is the foundation of the financial industry. When account takeover incidents occur, customers lose confidence in the institution's ability to protect their data and funds, often opting for safer alternatives.

  4. Increased Operational Recovery Costs: Institutions face significant costs to recover from account takeover, including system restoration, investigation, victim compensation, and regulatory fines.

  5. Exploitation for Further Fraud: Once an account is compromised, attackers can use it for other purposes, such as money laundering, infiltrating internal systems, or conducting social engineering attacks.

Preventing Account Takeover

To protect against account takeover, financial institutions should consider using multi-factor authentication (MFA), including device authentication and facial recognition.

Why not passwords?
VIDA's study reveals that relying on passwords as the primary protection method increases the risk of phishing and social engineering attacks. Passwords are inherently weak because they are easy to guess, steal, or crack.

VIDA’s Authentication Solutions:

  1. PhoneToken

    • Combines PKI-based device authentication with biometric verification directly on users' devices.
    • Eliminates passwords and OTPs, making it highly resistant to phishing and social engineering.

  2. FaceToken

    • Integrates face liveness detection, face matching, and device authentication in a single swift step.
    • Ensures only real, live users can authenticate, protecting accounts from face spoofing attacks.

Account takeover is a real threat. By understanding its methods, dangers, and prevention strategies, financial institutions can better safeguard user data. Want to learn more? Contact VIDA today!
