ATO fraud (or Account Takeover) is a form of identity theft. A cybercriminal takes over a victim’s online account, such as banking, credit card, email or social media accounts without permission.

What happens? The cybercriminal steals login information, attempts to login and if successful, locks the account owner out.

How do fraudsters obtain the login credentials?

Phishing Sending emails or text messages pretending to be a known or legitimate source to trick the account holder into giving login or personal information. Never open or click on links from an unknown sender.

Malware Software designed to disrupt, damage or gain unauthorized access to a computer system. This software is installed without your knowledge often through successful phishing attempts or visiting compromised websites.

Social Engineering The fraudster tricks the account owner into willingly sharing login or other sensitive identifying information by posing as a friend, your credit union or another legitimate business.

Intrusion Fraudsters gain access to an account owner’s device using “shareware”, or computer programs that remotely allow for control of the account owner’s device. Once allowed access, a cybercriminal can copy, delete, and search for a variety of identifying information on websites.

What are the signs you have been the victim of an account takeover?

• Receiving alerts or notifications of account changes you didn’t initiate
• Changes to the account owner’s personal information including:
• Username or Passwords
• Physical address
• Phone numbers
• Password or PIN changes
• New authorized user(s)
• Unauthorized charges on a debit or credit card

How can you prevent ATO fraud?

• Set security questions that are difficult to guess
• Use strong, unique passwords
• Utilize multi-factor authentication (MFA) whenever it is offered
• Run malware detection software
• Avoid clicking boxes on password protected sites that allow for device recognition
• Use Virtual Private Networks (VPNs) when possible
• Avoid public, shared, or non-password protected wi-fi access

What should you do if you are a victim of ATO fraud?

• Report any account you believe to be compromised to the company involved
• Review your account settings
• Change passwords
• Carefully examine your credit report
• Any person can obtain a fee-free copy of their credit report annually
• Place a fraud alert on your credit report
• Once placed with Equifax, Experian or Trans-Union, the other two agencies are required by law to be notified by the agency who originally received the report.
• If you are a Cove Federal Credit Union member and your bank account has been impacted, call 1-859-292-9000 to determine the most appropriate course of action.
• Consider filing a police report, especially if you have lost money.

To identify compromised social media accounts, go to your settings to determine if an unauthorized device has logged into your account, and from where the login occurred. If an unauthorized user is confirmed, update your password and reach out to customer service with questions or concerns.

Issues with identity theft can continue for a long time for a victim. In order to protect yourself, stay vigilant, keep records, stay organized, and continue monitoring your credit and other accounts so that you can identify any new suspicious activity.