How bank account takeover scams work and can happen at any bank.
The extent of bank account takeover attack fraud cannot be understated. Figures show that in the United States, over 24 million households are affected, which is an estimated 22% of the adult population. And on top of this, bank and other financial account takeover losses are nearly $12,000 per incident, on average.
A bank account takeover attack is when a criminal gains access to and control of someone’s bank account. Usually, this is done after they have stolen the victim’s credentials, but it can as well be a result of brute force attacks, phishing, spear-phishing or any number of fraud incidents.
In fact, sophisticated brute-force cracking tools and account checkers are available on dark web marketplaces for as little as $4 and sometimes even downloadable for free for those who know where to look. Such scripts and tools can make it more difficult to detect bank account takeover attacks compared to a criminal choosing the manual route.
Cyber Criminals and scammers have platforms and forums online where they discuss these techniques as well as mentor each other on how to achieve such takeovers. Bank account takeover has evolved beyond the typical phishing, renting and sharing methods of the past. And so, legacy prevention methods like CAPTCHA and 2FA are no longer sufficient. Cyber criminals now outsmart CAPTCHAs using human-assisted solving services or automated tools such as Anticaptcha and Buster.
They also use social engineering techniques and hijacking software to bypass the 2FA settings on online banking accounts a worrying trend, considering many consumers believe multi-factor authentication to be sufficient protection. Over 84% of financial institutions said they experienced bank account takeovers in the past year, resulting in losses of more than $12 billion.
