...
...
...
...
...
...
...
...
Account Takeover
Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Alternative Forms
Account Hijacking
ATO
Acronym
Identity Hijacking
Identity Takeover
Identity Usurpation
Definitions
Definition 1
An Account Takeover is a class of identity theft that consists for a perpetrator to take control of an existing identity of another entity without authorization. A common motivation for account takeover is to earn money by perpetrating fraud.
Conceptual Diagram
...
Examples
Eve found that Alice’s dog was named Bob. To takeover her social network account, Eve tried to login as Alice using “BOB” as a password. But because Alice was using MFA, Eve’s nefarious plan failed miserably, even though “BOB” was the right password.
Related Terms
Account
Credential Theft
Identity Theft
SIM Jacking
True Name Identity Theft
Quotes
The usual technique was to loot whatever customer accounts you could and send the money to compromised accounts at whatever bank was slowest at recovery. Of the £35m lost by UK banks in 2006, over £33m was lost by a single bank. One of its competitors told us that the secret was to spot account takeovers quickly and follow them up aggressively; if money’s sent to a mule’s account, he should find his account frozen before he can walk to Western Union.
...
Typically, identity thieves will use the personal information to obtain credit, merchandise, services in the name of the victim, or false credentials for the thief. This can result in such things as ruining the victim’s credit rating, generating false criminal records, and issuing arrest warrants for the wrong individuals. Identity theft is categorized in two ways: true name and account takeover. True name identity theft means the thief uses personal information to open new accounts. The thief might open a new credit card account, establish cellular phone service, or open a new checking account in order to obtain blank checks. Account takeover identity theft means the imposter uses personal information to gain access to the person’s existing accounts. Typically, the thief will change the mailing address on an account and run up a huge bill before the person, whose identity has been stolen, realizes there is a problem. The Internet has made it easier for an identity thief to use the information they’ve stolen because transactions can be made without any personal interaction.
(Harris, 2007, p. 266)
Bibliography
See Also
Filter by label (Content by label) | ||||||
---|---|---|---|---|---|---|
|