Have you ever received a WhatsApp message or email from an unknown sender containing a suspicious link? Be careful: that is often the beginning of an account takeover.
Account takeover is a type of cybercrime where attackers gain access to a victim’s personal data and use it to access their online accounts. This personal data is obtained through methods like phishing, social engineering, or malware. Once the attacker has control over the victim’s account, they can perform transactions such as withdrawing money, transferring funds, or even applying for loans.
While account takeover primarily targets individual data, financial institutions also suffer. In Indonesia, 97% of businesses have faced account takeover attempts, with 8 out of 10 cases resulting in unauthorized transactions or data breaches.
Did you know that account takeover can also be carried out using deepfakes? Yes, advancements in deepfake technology make it easier for attackers to deceive security systems.
The evolution of account takeover (ATO) attacks is closely tied to the growing reliance on digital platforms. Today, many of our activities (shopping, interacting, and banking) are done online, leading to an exponential increase in user accounts. Billions of personal data points, including passwords, are scattered across the internet, creating a larger target for attackers. This is compounded by people’s habit of reusing the same password across multiple accounts.
Here’s how account takeover typically works:
Credential Theft: Attackers acquire login data through methods such as phishing, credential stuffing, or malware.
Unauthorized Access: Once they have the login credentials, attackers gain access to the victim’s account to steal money or data.
Account Abuse: Compromised accounts are often used for further criminal activities, such as money laundering, unauthorized transactions, or social engineering to target additional victims.
Unfortunately, modern account takeover tactics go beyond these basic steps. After obtaining login credentials, attackers now use deepfake technology to exploit them further.
Attackers leverage deepfake technology to create synthetic identities or manipulate real ones to bypass security verification systems. Below are some ways deepfake is used in account takeover:
Attackers use deepfakes to create fake images, videos, or voices resembling specific individuals, often authority figures like bank officers or company representatives. These fake identities are then used to manipulate victims into providing sensitive information, such as usernames, passwords, or OTP codes.
By instilling panic, attackers push victims to act quickly. For example, they might claim that the victim's account will be blocked if they don’t immediately verify their information.
In KYC (Know Your Customer) processes, many institutions rely on facial recognition technology for identity verification. Attackers use deepfakes to generate fake facial videos that resemble the victim.
For instance, an attacker may combine stolen personal data from a data breach with a deepfake video to open a new bank account without the victim’s knowledge. This account is then used for further fraud. Terrifying, isn’t it?
Many biometric systems remain vulnerable to deepfake attacks because they lack liveness detection technology. Liveness detection ensures that the face being verified is real and not artificially generated. Without this feature, a deepfake can easily bypass the system.
The threat of deepfake in account takeover can be mitigated through the following measures:
Multi-factor authentication (MFA) adds an extra layer of security. For example, combining device authentication with biometrics ensures that authentication is performed on the account owner’s own device and with the owner’s own biometric data.
Liveness detection embedded in biometric authentication ensures that the biometric data comes from a real person, not an image or video. This prevents systems from being deceived by deepfakes.
Fraud detection systems operate from login to the completion of a transaction. These systems analyze account activity to detect and flag fake data, particularly data generated by AI.
Raise awareness among users about the risks of account takeover and deepfake so they can protect their personal data.
Solutions like VIDA User Authentication offer device authentication (VIDA PhoneToken) and facial authentication (VIDA FaceToken) to ensure that only authorized individuals can authenticate.
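The layered check described in the measures above (device authentication combined with biometrics, plus liveness detection), as an added example; it is not code from this article or from any VIDA product. The thresholds, score fields, function names and the HMAC-based device proof are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed thresholds for illustration; real cut-offs come from tuning.
FACE_MATCH_MIN = 0.90
LIVENESS_MIN = 0.80

@dataclass
class AuthAttempt:
    user_id: str
    device_id: str
    challenge: bytes        # nonce the server issued for this attempt
    device_response: bytes  # proof computed on the device over the nonce
    face_match: float       # similarity to the enrolled face, 0..1
    liveness: float         # liveness score from the capture, 0..1

def device_proof(device_key: bytes, challenge: bytes) -> bytes:
    # Simplification: a shared-key HMAC stands in for a hardware-backed signature.
    return hmac.new(device_key, challenge, hashlib.sha256).digest()

def evaluate(attempt: AuthAttempt, enrolled: dict) -> tuple:
    """Allow only if every factor passes; return (allowed, failure reasons)."""
    reasons = []
    key = enrolled.get((attempt.user_id, attempt.device_id))
    if key is None:
        reasons.append("device_not_enrolled")
    elif not hmac.compare_digest(device_proof(key, attempt.challenge),
                                 attempt.device_response):
        reasons.append("device_proof_invalid")
    # A deepfake can match the victim's face closely yet fail liveness.
    if attempt.liveness < LIVENESS_MIN:
        reasons.append("liveness_failed")
    if attempt.face_match < FACE_MATCH_MIN:
        reasons.append("face_mismatch")
    return (not reasons, reasons)

def demo() -> dict:
    # Constructed sample data: one enrolled device and three login attempts.
    key, nonce = b"constructed-device-key", b"constructed-nonce-01"
    enrolled = {("alice", "phone-1"): key}
    good = device_proof(key, nonce)
    attempts = {
        "owner": AuthAttempt("alice", "phone-1", nonce, good, 0.97, 0.95),
        "deepfake_video": AuthAttempt("alice", "emulator-9", nonce, b"", 0.96, 0.20),
        "stolen_phone": AuthAttempt("alice", "phone-1", nonce, good, 0.40, 0.93),
    }
    return {name: evaluate(a, enrolled) for name, a in attempts.items()}

if __name__ == "__main__":
    print(demo())
```

A high face-match score alone never grants access here: the deepfake attempt is rejected on both the unenrolled device and the failed liveness score, and the stolen-phone attempt is rejected on the face mismatch.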
The use of deepfakes for account takeover is a real threat. By understanding how it works and how to counter it, companies can implement safer authentication methods.