Archer

What is ATO — and how are cyber crooks using it against you right now?

  • March 26, 2020
  • Posted by: Kerry Tomlinson, Archer News
  • Categories: Archer News, Cyber Crime, Cyberattack, Hacking

We’re answering your security question, “What is ATO?”

It stands for account takeover.

And with so many people now working from home and shopping from home, cyber criminals are stepping up their game.


Shopping From Home

We’re letting our fingers do the walking, as the old Yellow Pages commercial used to say.

We’re still shopping during isolation and quarantine, but online.

TransUnion reported a 23% rise in e-commerce transactions the week after the World Health Organization declared a coronavirus pandemic on March 11.

That opens up more opportunities for cyber crooks.

One of their tactics is ATO, or account takeover, where attackers break into your email, bank account, Amazon account, work accounts — anything where they can take it over and use it for their own purposes.

TransUnion reports an almost 350% jump in account takeover attacks last year.

And this spring will bring us more, as we spend more time indoors and more time at the screen.

Taking Over 

How do they get in?

Phishing is a favorite. They send you, say, a password reset email and wait for you to bite.

They can also guess your password by scoping you out online. For example, if you like boating, your password might be ‘Boat123’.

Attackers also use ‘guessbots’ that automatically try long lists of passwords to see if you are using popular ones or reusing your favorites — also known as credential stuffing.
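
For defenders, the two automated tactics above leave different traces in sign-in logs. The sketch below is an added example, not part of the original article: it reads a constructed log and separates one source trying many accounts (credential stuffing) from one source hammering a single account (password guessing). The log format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2020-03-26T10:00:01 203.0.113.7 alice FAIL
2020-03-26T10:00:02 203.0.113.7 bob FAIL
2020-03-26T10:00:03 203.0.113.7 carol FAIL
2020-03-26T10:00:04 203.0.113.7 dave OK
2020-03-26T10:00:05 203.0.113.7 erin FAIL
2020-03-26T10:01:00 198.51.100.9 frank FAIL
2020-03-26T10:01:05 198.51.100.9 frank FAIL
2020-03-26T10:01:09 198.51.100.9 frank FAIL
2020-03-26T10:01:14 198.51.100.9 frank FAIL
2020-03-26T10:05:00 192.0.2.44 grace FAIL
2020-03-26T10:05:20 192.0.2.44 grace OK
"""

def parse(log):
    """Yield (time, ip, user, result) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3]

def classify_sources(log, window=timedelta(minutes=5), min_failures=4):
    """Map each source IP to (verdict, accounts that signed in OK during the burst)."""
    # Assumed thresholds for illustration; tune them against real traffic.
    by_ip = defaultdict(list)
    for ts, ip, user, result in parse(log):
        by_ip[ip].append((ts, user, result))
    verdicts = {}
    for ip, events in by_ip.items():
        events.sort()
        verdicts[ip] = ("normal", [])
        for start, _, _ in events:
            burst = [e for e in events if start <= e[0] <= start + window]
            failures = [e for e in burst if e[2] == "FAIL"]
            if len(failures) < min_failures:
                continue
            targets = {user for _, user, _ in failures}
            # Many accounts, few tries each: reused passwords from a list.
            # Few accounts, many tries: guessing one person's password.
            kind = "credential-stuffing" if len(targets) >= min_failures else "password-guessing"
            # A success inside the burst is an account to lock and reset first.
            hits = sorted({user for _, user, result in burst if result == "OK"})
            verdicts[ip] = (kind, hits)
            break
    return verdicts
```

In the sample, the one successful sign-in buried in the first burst is the account most likely taken over, which is the case a transaction or sign-in alert is meant to catch.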

Plunder and Pillage

What do they do with your accounts?

—Raid you for anything valuable you’ve got, from money to sensitive info to loyalty points.

—Use your email to reset your passwords on all of your other accounts, so they own them all.

—Sell your account on the black market.

—Use your account to trick others.

Attackers often use account takeovers to launch other attacks, like sending out phishing email to other people, or fooling people into giving up money or data because they think it’s you.

Warner Bros. sued an accounting firm last month for losing $1.3 million to a scheme where cyber attackers took over an email account and diverted money to their own bank account in an attack known as business email compromise, or BEC.

Researchers report a rise in what they call ‘vendor email compromise’.

In this scheme, attackers take over the email accounts of vendors, suppliers and trusted partners, then send realistic invoices from their accounts so other companies fall victim, according to security company Agari.

A fake email sent to trick people into giving up their username and password in a vendor email compromise attack. Image: Agari

Stopping Attackers

What can you do about account takeovers?

Try these tactics:

—Use better, longer passwords and use different ones on each account.

—Use multi-factor authentication, where you use not only your password to sign in, but a second step as well. 

—Set up alerts for transactions on your bank account and any account that involves payments so you know when someone’s using your money.

—Watch out for messages asking you to reset your password.

Take Care

If you do receive a message asking you to reset your password, go directly to the website on your own, instead of clicking on the link in the email.

Keep your eye out for coronavirus scams. TransUnion said one in five people surveyed have been a target of coronavirus-related digital fraud.

Research shows that people who are isolated, online and worried about money — like many people during the pandemic — are more likely to fall for cyber scams.

 


 

Main image: Piggy banks. Image: bob_bosewell/iStock
