The FBI Internet Crime Complaint Center has received more than 5,000 consumer complaints about account takeover (ATO) fraud already this year, totaling more than $250 million. The news came in an FBI warning about several new ATO scams consumers should be vigilant about.
In ATO fraud, criminals usually gain unauthorized access to a targeted online financial institution. Although many people connect ATO fraud to bank accounts, every type of account is at risk. A fraudster taking over an email account or a social media account can be dangerous as well.
Hacking into Multiple Accounts
The goal for the criminals is not just stealing money but also leveraging additional information to do greater damage.
“If I only know your username and password, when I log into your financial account, maybe now I can see your email address and your phone number,” said Jennifer Pitt, Senior Analyst in Fraud Management at Javelin Strategy & Research. “Banks need to get out of the thinking that it’s solely financial accounts that are being taken over and one account. They’re after as many accounts as they can access, as quickly as they can.”
The FBI warning included advice for avoiding account takeovers through social media. Sharing certain information–like a pet’s name, date of birth, or information about family members—can give scammers dangerous insight into a user’s password or answers to security questions.
New Trends in Scams
The scams have gotten sophisticated enough that even phone calls that seem to be from a customer’s own bank are not reliable. The FBI recommends that people be suspicious of unknown “banking” employees making unsolicited phone calls. Rather than trust caller ID, the FBI says consumers should hang up, verify the correct number, and call it themselves.
The FBI report also cited a relatively new technique called search engine optimization (SEO) poisoning, in which cyber criminals buy online ads that make them look like legitimate businesses. When users click on the fraudulent ad, they are directed to a phishing site that mimics a real website and tricks them into providing their login information.
To avoid this, the FBI recommends that users not click directly on Internet search results or advertisements. Instead, rely on bookmarks or browser favorites to navigate to websites. And always carefully examine any email address or URL that was sent in an unsolicited email or text.
