Our financial fingerprints are scattered all over our computers and devices: banking, credit card and retirement account data; tax returns; travel loyalty clubs; digital payment apps; online accounts for megastores; and much more. What resides on your smartphone alone is like a “candy store” to cybercriminals, warns John Buzzard, the lead fraud and security analyst at Javelin Strategy & Research in Pleasanton, California.
Of growing concern to him and others who battle cybercrime is a scourge known as an account takeover. In this type of attack, a criminal gains access to one of your digital accounts. The crook may not stop at a single account, either. Multiple critical accounts — and hard-earned cash — can eventually be at risk, Buzzard says.
What's an account takeover?
It's worse than a cybercrook's stealing your credit card number and going on a buying binge at a big-box electronics store. In an account takeover, your username, log-on information and the mobile number associated with your account are manipulated or changed in a way that prevents you from accessing your account and receiving notifications about possibly fraudulent activity. Account takeovers reached a six-year high in 2019, striking an estimated 4.4 million adults in the U.S. and causing $6.8 million in losses, Javelin Strategy & Research estimates.
Account Takeovers in the U.S.
Once the victim of an account takeover, Buzzard remembers the experience as “jarringly invasive.” When it happens, “the creep factor is up 100 percent,” he says. “There's somebody hard at work; they don't care if they ruin your life, but they're certainly chiseling away at your financial freedom and access to things that are important to you. It's strange. The natural, visceral reaction is, What's next? Is this it? Is there another shoe to fall?”
Data breaches galore
In light of persistent, troubling data breaches, a trove of sensitive consumer information is already in the hands of bad actors, Buzzard notes. Breaches can expose databases from entire organizations, and, according to Verizon's 2020 “Data Breach Investigations Report,” there were 3,950 breaches last year.
Mike Stamas, 44, cofounder of GreyCastle Security in Troy, New York, observes that at the same time these crimes are soaring, our digital presence has grown. “Compared to 15 years ago, we have a much larger presence of online assets, whether it's Facebook, Twitter, online banking, multiple email accounts, [crowdfunding site] GoFundMe and [payment app] Venmo,” he says.