...

...

Account Takeover

Alternative Forms

• Account Hijacking

• Identity Hijacking

• Identity Takeover

• Identity Usurpation

Definitions

Definition 1

•  Complete literature review and provide definition

One type of identity theft that consists for a perpetrator to take control of an existing identity of another entity without authorization. A common motivation for account takeover is to earn money by perpetrating fraud.

Examples

Eve found that Alice’s dog was named Bob. To takeover her social network account, Eve tried to login as Alice using “BOB” as a password. But because Alice was using MFA, Eve’s nefarious plan failed miserably, even though “BOB” was the right password.

Related Terms

• Account

• Credential Theft

• Identity Theft

• True Name Identity Theft

...

(FBI and IC3, 2019, p. 26)

- Enable two factor-authentication whenever applicable. Two factor-authentication can prevent account takeover.
- Use strong and unique password for every online service. Re-using the same password in various services is a serious security issue and should be avoided at all times. Using strong and unique credentials in every online service limits the risk of a potential account takeover to the affected service only. The use of a password manager software would make the managing of the whole set of passwords easier.

(ENISA, 2019, p. 45-46)

Identity takeover or identity usurpation: the actor takes over an existing identity of another individual (i.e., the original identity bearer) without this individual’s consent. In most cases, the acquired identity was already established in a certain social structure; authentication therefore already took place or can easily be carried out because the required information already exists.

...