Chapter 13. Account Takeover
All of me, why not take all of me…
Gerald Marks and Seymour Simons1
We’ve mentioned account takeover (ATO) so many times already in this book that it’s a relief to arrive at the chapter where we can really dive in! We saved it for this part of the book because while ATO is a common attack method against all industries, it’s both particularly serious and, via social engineering and malware, particularly common in banking.
The reason ATO has come up so often already, of course, is because it’s such a prominent attack tool in the fraudster toolbox. Gaining access to a victim’s account opens up a huge range of possibilities for a creative fraudster. For this reason, though it’s often an end in itself (meaning ATO is carried out solely to facilitate fraudulent transactions), it’s also sometimes simply one step in a more complex plan that may involve many different fraudster tactics. This is especially true with ATO attacks against banks, but it can happen in ecommerce stores and marketplaces as well.
Note
This chapter is about account takeover, which occurs when a fraudster hacks into an account and starts to leverage it; it’s not about account handover, which occurs when a previously respectable account is handed over voluntarily to a fraudster, usually either after a period of account aging or as a way to cash out a little before declaring bankruptcy. Account handover can cause considerable chaos, particularly in terms of money laundering ...