Trending Insurance News

Anatomy of an account takeover

Anatomy of an account takeover


It’s a typical Tuesday morning at a thriving startup. Amid back-to-back meetings, Dan, the company’s CEO, receives an urgent email flagging an unexpected issue with a payment from what appears to be one of their vendors. The email is well-crafted, carrying the company’s branding and typical professional tone. Without thinking twice, Dan clicks the provided link and inputs login credentials on a landing page that looks strikingly similar to the vendor’s financial portal. 

What Dan doesn’t realize is that this isn’t a legitimate email, and the link he clicked on harvested his credentials. By the end of the day, cybercriminals have gained access to the startup’s corporate accounts, swiftly transferring a significant amount of capital to an offshore, untraceable destination. It’s a devastating hit, both financially and reputationally, and it could have been prevented with more stringent cybersecurity protocols. 

Unfortunately, account takeovers (ATOs) like the one Dan experienced are a growing threat, with attacks surging by 24% year-over-year in 2024, according to a Sift report 

As technology advances rapidly, fraudsters have become increasingly sophisticated in their techniques. “To protect your business and personal finances, it’s crucial to be aware of the security security threats out there and understand how to protect yourself,” said John Mancuso, Senior Information Security Analyst at First Citizens Bank. 

October is Cybersecurity Month, making it the perfect time to brush up on your fraud detection skills and ensure you and your team stay vigilant against attacks. In a recent SVB webinar, cybersecurity experts shared the most common types of fraud and explained how to protect yourself. Here are the threats they identified and their advice about protecting your business.  

Phishing

Phishing scams often involve emails, fake text messages or phone calls that appear to come from legitimate sources, such as your bank. These messages might claim there’s suspicious activity on your account or ask you to verify your information urgently, creating a sense of panic. Fraudsters often use spoofing techniques to make their phone numbers look like they belong to trusted institutions. Once the victim clicks a link or shares their credentials over the phone, the scammer can log into their account, impersonate the victim when contacting the bank and even install remote desktop software to steal funds. 

To avoid phishing:  

  • Never click on links from unsolicited text messages or emails, and don’t share personal information over the phone unless you initiated the contact. 
  • Review the sender’s email address carefully for discrepancies.
  • If you receive a suspicious call, hang up and call the institution directly using a number you trust. Do not trust caller ID as it can be spoofed.
  • Monitor your accounts for any unusual activity, such as unauthorized charges or password resets. 

Impersonation

Impersonation fraud occurs when criminals pose as customers of a financial institution to gain unauthorized access to accounts. They may target victims by stealing personal information through identity theft or phishing schemes. Armed with this data, fraudsters contact customer support and, using social engineering, convince representatives that they are the legitimate account holders. Once inside, they can reset passwords, enroll in security tokens or even change contact information to a look-alike email domain, making it harder for the actual customer to regain control. In some cases, these impersonators may even visit a bank branch in person, using forged documents to legitimize their claim. 

To avoid impersonation fraud:  

  • Be cautious about the personal information you share on public social media profiles, including channels like LinkedIn. Fraudsters often use this information for social engineering schemes.
  • Always verify the identity of anyone claiming to be from your bank or financial institution. Don’t rely on caller ID as fraudsters can spoof legitimate numbers.
  • If you receive a suspicious call or email, offer to call them back using a number you know is correct. 

Malicious advertising

Malicious advertising, or malvertising, is a tactic where cybercriminals use online ads to redirect users to fake websites designed to harvest login credentials. These ads often appear on legitimate websites, such as a search engine results page, making them difficult to spot. A user might see an ad for a familiar brand or service, click on it and unknowingly be directed to a malicious website that looks nearly identical to the real one. Once the user enters their credentials, the attackers capture them and use them to take over accounts and steal personal and business data. 

To avoid malvertising: 

  • Instead of searching for your bank or other important accounts in a search engine, bookmark a trusted website and use this link to log in every time.
  • Double-check URLs before entering any personal or company information. Malicious sites often have URLs that are slightly different from the legitimate version.  
  • Use an ad blocker to help prevent malicious ads from loading and reduce your exposure to potential threats.  

Account takeover (ATO)

ATO occurs when a fraudster gains unauthorized access to a victim’s account, typically through stolen login credentials. Once inside, they can steal personal data, transfer funds or make unauthorized purchases. ATO attacks often begin with phishing (as in the example of Dan above), credential harvesting or exploiting weak passwords.  

To avoid account takeover: 

  • Validate websites before entering credentials.  
  • Don’t reuse passwords across sites and use a password manager to create and store complex passwords that are harder to guess.
  • Ensure account and security alerts are set up for online banking. Doing so means that in the event of an ATO, you’ll be notified quickly when unauthorized activities are spotted, so you can take action sooner.
  • Beware of “spam bombs,” which can indicate a cyber threat. A spam bomb floods an email inbox with thousands of junk emails, so the recipient is distracted from important emails, such as notification of account changes or banking transactions.  

Business email compromise (BEC)

BEC is a scam in which fraudsters target businesses by infiltrating or spoofing email accounts to manipulate employees into making unauthorized payments.  

“BEC isn’t just a leading cause of fraud losses — it’s the digital equivalent of a heist in broad daylight, but the criminals never have to enter the building,” Mancuso said. “Every employee, from interns to executives, needs to be on high alert.” 

The process usually starts with identifying a specific target — often someone in a position of authority who handles financial transactions. Once the victim’s email is compromised, attackers gather information about the organization’s communication patterns. They may hijack an ongoing email thread to blend in, building trust and waiting for the right moment to strike. When the opportunity arises, they initiate or intercept payment requests, sending instructions to transfer funds to an account controlled by the criminals.  

To avoid BEC:  

  • Verbally verify any new or changed payment instructions using a trusted phone number.
  • Require multi-factor authentication for email accounts to make it more difficult for attackers to gain access, even if they steal your credentials.
  • Use a dual-approver system. Require multiple levels of authorization for any high-value transactions to reduce the risk of unauthorized payments.
  • Be cautious of urgent or secretive payment requests, especially if they deviate from normal business processes.

For more information on BEC, including a training course video, check out this article.

In addition, many companies are now considering cybersecurity insurance as an added layer of protection to lessen the financial impact of a breach. 

Cyber security insurance

Cyber security insurance provides a critical safety net, helping businesses recover from the financial and operational fallout of attacks. As cyber incidents, like account takeovers, phishing schemes, ransomware and data breaches become more frequent, cyber insurance ensures that a company can mitigate damage and maintain stability during a crisis. 

Cyber insurance generally provides two key types of coverage: first-party coverage and third-party coverage. 

First-party coverage addresses the immediate costs your business incurs during an incident. This can include hiring forensic experts to investigate and contain the breach, notifying customers about exposed data and providing credit monitoring to affected individuals. If your business experiences downtime due to an attack—such as a ransomware lockout—this coverage can also reimburse lost revenue to help soften the impact on your operations. 

Third-party coverage protects against lawsuits, fines and other liabilities that result from a breach. If customers, vendors or regulators hold your business accountable for exposing sensitive data, cyber insurance covers legal defense fees, settlements and regulatory fines. This helps minimize the financial burden of legal proceedings and ensures your business can navigate reputational challenges with more ease. 

Some policies offer specialized protections tailored to modern cyber threats. For example: 

Ransomware and extortion coverage: If hackers encrypt your systems and demand payment to unlock them, this coverage can fund the ransom and provide expert negotiators to restore operations quickly. 

Social engineering and fraud protection: This feature covers financial losses when employees are deceived into transferring funds or sharing sensitive information with attackers posing as trusted partners or executives. 

Startups, in particular, are vulnerable to these types of attacks as they often manage critical data but lack the extensive security infrastructure of larger enterprises. For companies handling personal, financial or proprietary data, cyber insurance is becoming as essential as any other core business protection. Investors and clients increasingly expect startups to have this coverage, especially as part of Series A rounds or when entering data-sensitive markets like fintech or healthcare. 

By securing cyber insurance, businesses gain not just financial support, but also access to expert resources—legal advisors, cybersecurity consultants and forensic teams—that come into action immediately when incidents occur. With threats evolving constantly, this coverage helps ensure that your company stays resilient and can keep moving forward, even when the unexpected happens. 

Conclusion

Taking proactive steps to safeguard your financial and operational systems can prevent devastating losses. This means implementing multi-factor authentication, training employees to recognize phishing attempts, regularly reviewing cybersecurity protocols and cyber insurance. Also, taking advantage of bank solutions like Positive Pay and Fast Identity Online (FIDO) can improve transaction monitoring and online authentication. Lastly, be sure to reconcile accounts regularly. 

Even with the best defenses, no system is completely immune to attacks. When a suspicious event occurs, report it immediately to the Internet Crime Complaint Center and your bank.  

Acknowledgement

Thank you to Travis Hedge, CRO and Co-founder of Vouch, for his contributions to this article. 

Read Next


Cybercrime is on the rise

This article covers what you need to know about the latest threats and practical advice on how to protect yourself and your business interests.



Source link

Exit mobile version