One in eight (12%) Brits have had an online account breached, according to new research from Thales. The survey of 2,000 UK consumers highlights a worrying lack of awareness about this growing threat, with one in ten stating they do not feel confident in spotting the signs.
What is an Account Takeover Attack?
Alongside account fraud, account takeover attacks are a frequent way that online accounts are compromised by bad actors. Account takeover attacks are distinctive in that they’re typically automated. Attackers might try credential stuffing, for example, where bots are used to repeatedly attempt to log into a user account using a list of common or breached passwords. Once they have access, attackers can change your account settings, make purchases, steal personal information, or even lock you out of your own account. It’s akin to someone breaking into your house and taking control of everything inside.
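The repeated, automated login attempts described above leave a recognisable pattern in a service's login records. The following Python check is an added example, not part of the original article or of any Thales or Imperva product; the log format, the 60-second window, the threshold of five failures and all names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login records: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2024-10-01T09:00:00 203.0.113.7 alice FAIL
2024-10-01T09:00:02 203.0.113.7 alice FAIL
2024-10-01T09:00:04 203.0.113.7 alice FAIL
2024-10-01T09:00:06 203.0.113.7 alice FAIL
2024-10-01T09:00:08 203.0.113.7 alice FAIL
2024-10-01T09:00:10 203.0.113.7 alice FAIL
2024-10-01T09:00:12 203.0.113.7 alice OK
2024-10-01T08:00:00 198.51.100.4 bob FAIL
2024-10-01T12:30:00 198.51.100.4 bob FAIL
2024-10-01T12:30:20 198.51.100.4 bob OK
2024-10-01T10:00:00 203.0.113.9 carol FAIL
2024-10-01T10:00:10 203.0.113.9 carol FAIL
2024-10-01T10:00:20 203.0.113.9 carol FAIL
2024-10-01T10:00:30 203.0.113.9 carol FAIL
2024-10-01T10:00:40 203.0.113.9 carol FAIL
"""

WINDOW = timedelta(seconds=60)  # assumed: how far back failures are counted
THRESHOLD = 5                   # assumed: failures in the window that look automated


def detect_takeover_signals(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {account: signal} for accounts showing bot-like login bursts."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = {}
    for line in sorted(lines):   # ISO timestamps sort chronologically
        if not line.strip():
            continue
        ts_text, _ip, account, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        failures = recent[account]
        while failures and ts - failures[0] > window:
            failures.popleft()   # forget failures older than the window
        if result == "OK":
            # A success straight after a burst suggests a password was guessed.
            if len(failures) >= threshold:
                alerts[account] = "success_after_burst"
            failures.clear()
            continue
        failures.append(ts)
        if len(failures) >= threshold:
            alerts.setdefault(account, "failure_burst")
    return alerts


if __name__ == "__main__":
    print(detect_takeover_signals(SAMPLE_LOG.splitlines()))
```

An account flagged `success_after_burst` is the case to act on first, since the burst of failures ended in a working login.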
An Increasing Threat
The 2024 Imperva Bad Bot Report highlights a significant increase in account takeover (ATO) attacks, with a 10% year-on-year growth. The report also notes that 11% of all login attempts across the internet are now associated with ATO attempts. This surge is largely driven by a rise in malicious bot traffic, which now accounts for nearly one-third of all internet traffic.
How to spot if your account has been compromised:
- Unusual Account Activity: Transactions or activities you don’t recognise, such as purchases, messages, or posts.
- Password Changes: Notifications that your password has been changed without your knowledge.
- Locked Out: Being unable to log into your account, even though you’re sure you’re using the correct password.
- Unfamiliar Devices: Alerts about logins from devices or locations you don’t recognise.
- Security Alerts: Receiving alerts or warnings from your service provider about suspicious activity.
- New Account Links: Finding new accounts linked to your email or social media that you didn’t create.
- Unusual Messages: Friends or contacts receiving messages from you that you didn’t send.
Tim Ayling, Vice President Cyber Security Solutions EMEA at Imperva, a Thales company, said: “Account takeover attacks are becoming increasingly prevalent, driven largely by the rise in malicious bot traffic. Our latest research highlights that these automated threats now account for nearly one-third of all internet traffic, significantly contributing to the surge in account takeovers. This Cybersecurity Awareness Month, we are dedicated to raising awareness and working with organisations to protect consumers across all their online experiences.”
If your account has been compromised, here are some key steps you should take:
- Change Your Passwords Immediately: If you can still access your account, change your password to something strong and unique. Avoid using easily guessable information.
- Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone.
- Contact the Service Provider: Inform the service provider of the breach. They can help you regain control of your account and secure it.
- Scan for Malware: Run a full scan on your devices using reputable antivirus software to ensure there is no malware that could have compromised your account.