March 31, 2021 Last updated April 18th, 2021 741 Reads share

How to Detect and Prevent Account Takeovers

Image Credit:

Account takeover is a form of identity theft where a fraudster uses bots to access a customer account. The criminal can access a bank account, eCommerce store, gaming portal, or any other site to gain financial access. Fraudsters who want to access other people’s accounts either use account takeover technique or credential stuffing.


Credential Stuffing

The fraudsters know that many account users use the same usernames and passwords at multiple websites. So they know if they gain access to some stolen credentials for one account, they can use the same credentials to access all the other accounts. The other technique used by the fraudsters is credential cracking. In this case, the fraudster tries as many options as possible, hoping that they will guess the right username and password.


Six Things to Help You Detect Possible Account Takeover

Use the following ways to help you detect account takeover fraudulent acts:


  1. Multiple Changes on Account with Shared Details

Fraudsters may want to claim an account and possess it so that no one re-accesses it after them. To attain that, they change the details of a legitimate account but enter different profile details. Most of the details do not change as one field is the key one, which is the one they change. They either change telephone numbers or the customer’s address to ensure they get the details of the account other than getting to the real owner.


  1. New Account Details, New Device and New Delivery Address
  • You can detect an account under attack by noticing frequently updated customer details like telephone numbers, emails, and name.
  • You can notice the customer’s account takeover during login from a new device within 24 hours after the change of address.
  • New orders with the new delivery address soon after the change of address and updated customer details.


  1. An account with Multiple IP Address Countries

A high number of IPs from different countries is an indication of an account takeover attack. When the fraudsters are making several login attempts, they do not know the location of each customer. That makes it hard for them to confirm that they are using the right IP address in every attempt.


  1. Several Customer Detail Changes All Happening at Once

When you spot many account changes all taking place at once, it indicates that someone may be trying an account takeover fraud. For instance, if the fraudsters have been accessing accounts and suspect that they are being noticed, they will change the account email addresses all in bulk. Such bulk account detail changes can lead to account takeover. It is important to be on the alert and watch such happenings in your organization.


  1. Ratio of Known or Unknown Device Models

Fraudsters like using software to hide the device they are using. That means the model they are using will come up as an unknown model. When you notice an account connected to more unknown devices compared to the known ones, it is an alert that someone may be using another person’s account.


  1. Multiple Accounts Linked to the Same Device

When you see that several accounts are linked to one device, it could be that one fraudster is accessing several accounts illegally. It should be an alert that something is not going right.

If you notice two or more of these signs in your customer data, it is important to be on the alert. It would be best to investigate immediately as all these are signs of fraudulent activities on customer’s accounts.


Practices to Help Businesses Prevent Account Takeover

If businesses have to prevent account takeover, they have to educate their employees on the possible risks and how to prevent them.


Prevention of Account Takeover through Login



It is important for employees who are customer-facing to know how they can protect their data and avoid account takeover practices from fraudsters. The best login practices are a great weapon to fight account takeover. To prevent fraudsters from stealing passwords to access accounts, you can begin using passwordless authentication or instant login. Customers can log in to their accounts using a magic link delivered to them through their email or use their phone numbers.


Multiple Authentications

Another great way of adding another layer of protection during account login is by using multi-factor authentication. When you bare login using multiple authentications, it is not easy for the fraudster to guess your login credentials right in all cases. That will mean only the right cutover will access the correct account.


Risk-Based Authentication

Using risk-based authentication helps to protect the account by noticing and reporting any unusual login pattern. For instance, login into the account using a different device sends a warning to the account order that the account is accessed using an unusual device. If the account holder is not attempting the login, they will get an alert in real-time and act fast.


Security and Compliance

You can tailor the login radius to be compliant with the global security standards and also to meet the regulatory requirements depending on the industry.


Consent Management

Consent management is another feature that can help prevent account takeover. It manages customer’s consent about data collection, storage as well as communication. That means customers can change any existing permission depending on what they want.


Data Management

Data management helps by tracking the individual profile from its admin and their activities. Data management helps enterprises manage millions of customers and perform actions to trigger verification requirements on behalf of the customer.

Businesses can lose millions of dollars through account takeover financial losses, damaged brand image, and customer trust loss. That is why enterprises and their employees must understand the risk and what they are supposed to do to prevent fraud.

Businesses need to begin by training their employees to be aware of all the risks they face and how they are supposed to prevent them. It is not easy to deal with brand image damage or millions of dollars loss. Preventing it from happening is the best way to protect your business.

Dmitry Kozlov

Dmitry Kozlov

Read Full Bio