Intelligent CIO APAC Issue 32 | Page 75


ACCOUNT TAKEOVER FRAUD... AND HOW TO AVOID FALLING VICTIM

Anthony Daniel, Regional Director – Australia, New Zealand and Pacific Islands, WatchGuard Technologies, tells us how cybercriminals exploit victims through account takeover fraud.

Cybercriminals target their victims in many different ways, and one of the lesser-known methods is account takeover fraud (ATF).

ATF is not new, but it's a tactic that is being used more aggressively. Back in 2018, it caused estimated losses of around US$4 billion across the globe. During 2021, this figure rose by more than 200% and, as of today, it is estimated to be more than US$12 billion.

One of the methods used to mount such an attack is deceptively simple, yet the impact on a victim can be profound. It involves hijacking an account before a user has actually registered it.

For example, an attacker can create a new account on a service such as Dropbox or Zoom using a victim's credentials that have been stolen from another source. When the user themselves attempts to create a legitimate account, they are told that one in their name already exists. They are prompted to reset the password, however the cybercriminal maintains access.

It's important to recognize that an attacker does not have to have access to a victim's email account or mobile phone to successfully carry out this type of attack.

This type of cyberattack requires a number of factors to occur:

• The account must not have already been created by the user with the ID that is used;
• The cybercriminal needs to have acquired some form of legitimate user identification, such as an email address or a phone number;
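
From the service operator's side, the scenario above can be closed off at sign-up and at password reset. The following is an added sketch, not code from the article or from WatchGuard; `AccountStore` and its methods are hypothetical, and it assumes that retained access comes from a pre-set password or a session that survives the reset.

```python
import hashlib, hmac, secrets

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccountStore:
    """In-memory sketch of a hardened sign-up flow; all names are hypothetical."""
    def __init__(self):
        self.accounts = {}  # email -> {"salt", "hash", "verified"}
        self.sessions = {}  # session token -> email
        self.pending = {}   # emailed verification token -> email

    def _set_password(self, email, password, verified):
        salt = secrets.token_bytes(16)
        self.accounts[email] = {"salt": salt, "hash": _hash(password, salt),
                                "verified": verified}
        # Any credential change ends every session opened under the old one.
        self.sessions = {t: e for t, e in self.sessions.items() if e != email}

    def register(self, email, password):
        acct = self.accounts.get(email)
        if acct and acct["verified"]:
            raise ValueError("account already exists")
        # An unverified record does not reserve the identifier: overwrite it
        # and invalidate any verification token issued for the earlier attempt.
        self._set_password(email, password, verified=False)
        self.pending = {t: e for t, e in self.pending.items() if e != email}
        token = secrets.token_urlsafe(16)
        self.pending[token] = email
        return token  # delivered to the mailbox only, never to the browser

    def verify(self, token):
        email = self.pending.pop(token, None)
        if email is None:
            return False
        self.accounts[email]["verified"] = True
        return True

    def login(self, email, password):
        acct = self.accounts.get(email)
        if not acct or not acct["verified"]:
            return None  # unverified accounts cannot open sessions
        if not hmac.compare_digest(acct["hash"], _hash(password, acct["salt"])):
            return None
        token = secrets.token_urlsafe(16)
        self.sessions[token] = email
        return token

    def reset_password(self, email, new_password):
        # Assumes the caller already proved mailbox control via a reset link.
        self._set_password(email, new_password, verified=True)
```

With this design, an account created by someone who cannot read the mailbox never becomes usable, and the genuine owner's sign-up or reset replaces the earlier password and ends any sessions tied to it.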