First-hand insights from an ATO victim
Experiencing an account takeover can stir a mix of emotions – anger, fear, and confusion – as you face the reality of a compromised account.
One of GeoComply’s own employees experienced an account takeover firsthand earlier this year with a leading media streaming service provider in the U.S. Intrigued by a show recommended by their peers, our employee attempted to log in, only to discover they were completely locked out of their account.
This experience is not out of the ordinary. Nearly 30% of Americans have experienced an account takeover at some point in their lives, revealing its widespread impact. Streaming accounts are particularly vulnerable: more than 1 in 10 accounts taken over in 2023 were entertainment and media streaming accounts.
Given the growing prevalence of these incidents, we sat down with our employee to offer a first-hand perspective on the imminent dangers of account takeovers and what the recovery and prevention process can look like.
But first, let’s cover what an account takeover (ATO) really entails and why it’s a significant concern.
Account takeover (ATO): An overview
What is an account takeover (ATO)?
An account takeover (ATO) occurs when an unauthorized user gains access to someone else’s online account. The motives behind these takeovers are varied, ranging from financial gain to the theft of sensitive data.
In the context of media streaming platforms, the threats are particularly significant. In 2023, account takeovers on media streaming and entertainment platforms made up 13% of all account takeover cases.
Fraudsters often pursue the following goals: selling the stolen account or its data on the underground market, purchasing and using goods and services through the stolen account, using the account to target specific entities tied to the user, or using the account to conceal their identity and conduct a cyber attack on a greater scale.
How do account takeovers occur?
Account takeovers can happen in a variety of ways, ranging from data breaches to brute force methods such as credentials cracking. The most common methods include:
Credentials cracking
Using brute force methods, fraudsters deploy tools or bots that can crack 8-character passwords in less than an hour.
Social engineering
Social engineering attacks typically involve tactics that manipulate the target into performing specific actions or revealing sensitive information.
Viruses and malware
Viruses and malware steal sensitive information through means such as keystroke tracking, browser spying, or hijacking devices like webcams.
Stolen credentials and data breaches
Data breaches collectively expose billions of leaked usernames and passwords, which fraudsters exploit by accessing services where users commonly reuse login details.
Man in the Middle (MitM) attacks
In MitM attacks, fraudsters intercept data transmissions through compromised networks, often via unsecured public Wi-Fi networks, to access users’ online activities.
Deliberately sharing information
Sharing login details with trusted individuals can lead to account takeovers, especially when relationship dynamics change, risking unauthorized access.
Navigating account takeovers can be daunting. However, it’s crucial to understand how they occur so you can handle the situation and take the appropriate preventative measures.
Case study: Navigating account takeover (ATO) on a popular media streaming service
Our employee shared their personal experience with account takeover on a popular streaming service and revealed the underlying dangers that still remain unresolved to this day.
What happened when your account was taken over? When did you realize your account had been breached?
“Honestly, I just thought something had changed. I receive so many marketing emails daily that I didn’t pay much attention to it at first.”
When our employee’s account was first compromised, the signs were subtle. They initially overlooked emails in a foreign language, a common oversight given the volume of daily digital communications. The situation escalated when they tried to log into a streaming platform and found themselves locked out from all devices. With the user interface language changed and their account email altered, they were unable to reset their password.
This experience mirrors that of many account takeover victims: over half (51%) only notice the breach when they encounter login issues. This suggests that businesses might not be aware of such security breaches and, as a result, are not sufficiently notifying their customers. Many victims, including our employee, therefore never learn how their accounts were compromised, which leaves them vulnerable to future incidents.
What process did you have to go through to secure your account again?
“I had to sift through the FAQs on the service website to find a phone number to call, as all of my password reset attempts were unsuccessful.”
After our employee’s account email was altered, they contacted customer support. Upon finding the correct phone number, they detailed the unusual activities they observed. The customer support agent verified their identity using geolocation and helped securely reset their account, including changing the email address and password.
Our employee followed crucial steps in securing their account, including checking their most up-to-date credentials on the official platform, attempting various login methods and directly engaging with customer support.
What was the most difficult part about having your account taken over?
“I was grateful I didn’t have to prove my identity and location too extensively. It simplified the resolution process significantly.”
Navigating the account recovery process after an account takeover can be cumbersome, with the most challenging aspect being the numerous steps required to reset an account. However, the use of geolocation to verify identity streamlined this process significantly, enhancing the customer experience.
Streaming service providers can similarly reduce friction and prevent fraud by leveraging technologies like multi-source geolocation, device intelligence, and advanced fingerprinting. These strategies not only streamline the recovery process but also prevent takeovers, enhancing user safety and reducing the risk of platform abandonment due to account recovery fatigue or unsuccessful account recovery.
Effective security measures significantly boost user satisfaction and perceived reliability, helping retain customers. Given that 43% of consumers would abandon a service if their accounts were compromised, robust account security is crucial for maintaining customer loyalty and brand reputation.
How would your experience have changed if you were not able to swiftly recover your account?
“It would have been a long drawn-out process that I would likely have not pursued.”
Our employee struggled with lengthy FAQs and recovery steps, and doubted they could have recovered their account without geolocation to instantly verify their identity and original account address. They feared that the process, potentially requiring forgotten documentation, would be so protracted that they might abandon it entirely. This sentiment aligns with broader consumer behavior, where 65% of consumers would abandon identity verification after a 10-minute wait, possibly eroding trust and perceived value in the service provider.
To address these issues, a swift, seamless verification solution using geolocation intelligence and advanced device fingerprinting can significantly enhance the user experience. According to a PYMENTS and GeoComply survey, 55% of U.S. consumers already share location data with apps, with many willing to share it for enhanced account security and fraud prevention.
55% of U.S. consumers (138 million people) already share location data with at least one app
Looking forward: Strategies to detect, prevent and stop account takeovers
“Keep an eye on your accounts, log in periodically, and if you see emails in a different language, react quickly!”
While securing your account may feel like a victory, it’s essential to remember that the battle against account takeover fraud is ongoing. Implementing robust preventive measures is crucial to avoid future incidents.
Key strategies to enhance account security include:
- Diversifying your passwords: In 2023, 70% of account takeover victims reported using the same password across multiple sites, resulting in 53% of victims experiencing multiple account takeovers. It’s critical to develop strong, unique passwords for each account.
- Leveraging password managers: Consider investing in a password manager that allows you to secure and store strong passwords. This will enable you to create, remember and regularly update your passwords.
- Enabling device signals: Enabling device signals like geolocation will not only secure your account by ensuring your device fingerprint and location align with your profile but will also reduce friction from lengthy verification processes.
- Updating your security software: Regularly update your systems to protect your accounts from cyber threats that target outdated software. Download trusted antivirus and anti-malware solutions to add an additional layer of security against various cyber attacks.
- Setting up alerts for your accounts: Set up alerts for login activity and changes in account information to help identify a threat before it becomes a danger.
Tip: Aim for passwords with at least 12 characters and incorporate a mix of uppercase and lowercase letters. Avoid common words or information that is easy to guess.
While there are many preventative measures users can take to protect their accounts, most account takeovers are out of the control of individuals. Therefore, businesses play a crucial role in implementing the right technology to protect their users from security threats.
Our employee was fortunate to be able to recover their account. However, not everyone successfully retrieves their account, causing businesses to lose legitimate customers. Additionally, the problem remains that many people never find out how their account was taken over in the first place.
Therefore, it’s crucial that in addition to enhancing the account recovery process, strong prevention measures are prioritized. Implementing solutions that can monitor multiple logins from a single device, identify suspicious activity, track user locations, analyze device integrity and detect access from potentially fraudulent locations is essential.
Technologies that leverage advanced geolocation data and device insights provide critical intelligence that can help detect, prevent and block fraudsters from taking over an account. They protect users by identifying the fraudster’s intent and then blocking them when there is strong evidence of fraud.
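The following Python example is added here for illustration and is not code from GeoComply or any streaming provider. It correlates the signals from the case study (a login from an unrecognized device and location followed by an email or language change) and flags a single device logging in to multiple accounts. The event fields, thresholds and sample events are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real data:
# (timestamp, account, device_id, country, action)
EVENTS = [
    ("2024-03-01T08:00", "alice", "dev-A", "US", "login"),
    ("2024-03-02T09:00", "alice", "dev-A", "US", "login"),
    ("2024-03-05T03:10", "alice", "dev-X", "XX", "login"),
    ("2024-03-05T03:12", "alice", "dev-X", "XX", "language_change"),
    ("2024-03-05T03:15", "alice", "dev-X", "XX", "email_change"),
    ("2024-03-05T03:20", "bob", "dev-X", "XX", "login"),
    ("2024-03-05T03:25", "carol", "dev-X", "XX", "login"),
    ("2024-03-06T10:00", "dave", "dev-D", "US", "login"),
    ("2024-03-06T10:05", "dave", "dev-D", "US", "email_change"),
]

SENSITIVE = {"email_change", "language_change", "password_change"}
WINDOW = timedelta(hours=1)   # assumed correlation window
DEVICE_ACCOUNT_LIMIT = 3      # assumed threshold of accounts per device


def detect(events):
    """Return alerts as (subject, reason) tuples in chronological order."""
    known = defaultdict(set)            # account -> trusted (device, country) pairs
    unrecognized = {}                   # account -> time of last unrecognized login
    device_accounts = defaultdict(set)  # device -> accounts that logged in from it
    alerts = []
    for ts, acct, dev, country, action in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "login":
            if known[acct] and (dev, country) not in known[acct]:
                unrecognized[acct] = when        # do not trust this pair yet
            else:
                known[acct].add((dev, country))  # assumption: trust on first use
            if acct not in device_accounts[dev]:
                device_accounts[dev].add(acct)
                if len(device_accounts[dev]) == DEVICE_ACCOUNT_LIMIT:
                    alerts.append((dev, "many_accounts_on_device"))
        elif action in SENSITIVE:
            seen = unrecognized.get(acct)
            if seen is not None and when - seen <= WINDOW:
                alerts.append((acct, action + "_after_unrecognized_login"))
    return alerts


if __name__ == "__main__":
    for subject, reason in detect(EVENTS):
        print(subject, reason)
```

The email change by "dave" from his usual device raises no alert, while the same change on "alice" minutes after an unrecognized login does; this is the kind of event a provider could use to notify the original email address before the user is locked out.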