What is Account Takeover (ATO) and how does it happen?
Account takeover (ATO) occurs when a fraudster gains access to your online banking account and makes unauthorized transactions. Understanding how it happens can help you prevent it.
How does account takeover happen?
1. Credential stuffing: scammers use stolen usernames and passwords from other data breaches to try logging into bank accounts. If you reuse passwords across sites, your account may be at risk.
2. SIM swapping: fraudsters trick mobile carriers into transferring your phone number to a new SIM card. This allows them to receive your verification codes and reset account passwords.
3. Password reuse: using the same password across multiple accounts increases risk. If one site is compromised, scammers may try those same credentials elsewhere.
4. Phishing/Smishing/Vishing: An unsolicited email, text, or phone call where a scammer will send an email or text with a link to trick the victim into giving away their login credentials. These links will usually take you to a phishing website that appears as a legitimate online banking or payroll website to trick you into giving away their login credentials.
5. Malware: A cybercriminal obtains victim's login credentials via malware on the victim’s device. Usually installed via clicking on a phishing email.
How to secure your account:
- Use strong unique passwords for every account.
- Enable multi-factor authentication (MFA).
- Never share verification codes.
- Monitor your account regularly for unusual activity.
Important: Panacea will never ask for your password, PIN, or one-time verification codes. If someone requests this information, it is a scam.
What to do if you suspect ATO:
-
Change your password immediately.
- Review recent transactions.
- Contact our support team right away.