Online theft is a huge concern in today’s technology-driven world. Cybercriminals are on the hunt for unsuspecting victims and unfortunately, this theft, called account takeover fraud, is becoming a common trend these days. Account takeover fraud occurs when a cybercriminal gains unauthorized access to a victim’s account with the intent of stealing money or sensitive information to use for monetary gain. Theft by an account takeover is not a complex hacking crime, and often it occurs when people unknowingly give away their personal information to the thieves! It can also often go unnoticed for some time, which makes it even more dangerous for victims.
Here are some tips from the professionals at Members Plus Credit Union to help keep your money and identity safe and secure from cybercriminals that are out to scam you.
According to the FBI’s Internet Crime Report Center, account takeover fraud is when cyber criminals deliberately gain unauthorized access to a victim's online banking account, payroll information, payment apps, or even social media accounts. They do this to steal your money or to gain information to open new accounts for personal gain. Cyber criminals may gain access to a victim’s online account through a variety of methods. Once these criminals have completed an account takeover, not only do victims suffer a financial loss, but they also often lose access to the accounts, which can wreak financial havoc for months and even years.
1. Social Engineering: With this type of scam, criminals pose as a financial institution employee, customer service rep, or even IT support of a trusted company in an effort to manipulate the victim to gain personal information or even account login credentials for an account takeover. They create urgency and insist that the account is in jeopardy from scammers and even act like they are trying to protect you. It is important to remember that financial institutions, including Members Plus Credit Union, will NEVER ask for any of this information from you. It is crucial that you DO NOT provide this information to anyone, no matter who they say they are.
2. Phishing Emails and Websites: This cybercrime occurs via the use of texts, emails, and websites. The thieves send fake alerts prompting users to click links and log into their accounts. Victims are then directed to fake sites where their login information is compromised to gain access for an account takeover. These phishing websites look real and appear to be legitimate online banking or payroll websites with company logos and branding, but it is a scam to gain your login credentials to steal your money or identity and perform an account takeover.
3. Password Reuse: Cybercriminals are experts at exploiting weak passwords! Those accounts that do not have the multi-factor authentication are in greater danger of an account takeover from these thieves. Keeping your password safe is important, as is using different passwords for accounts. One compromised password can impact multiple accounts and wreak havoc on your finances for a long time, but with proper care and changing passwords occasionally, you can help prevent account takeover.
Warning Signs You Are The Victim of an Account Takeover
If you feel that you are the victim of an account takeover, it is important that you contact your financial institution immediately! You will also want to change your password as soon as possible to avoid further theft. Next, file a detailed complaint with the FBI Internet Crime Complaint Center and be sure to indicate that the crime was an account takeover in the incident description. Even after the issue has been reported to the authorities and the password has been changed, it is crucial to review the account activity on a regular basis to ensure the account is safe again.
Most internet fraud and theft relies on the cybercriminals gaining trust for an account takeover. Be diligent when reading emails, answering texts, clicking on any links, and providing personal information to anyone you do not personally know.
Remember that Members Plus Credit Union will NEVER ask for passwords, codes, or log-in info over the phone, via email, or text. If you have any doubt about the legitimacy of an email, text, or phone call, do not hesitate to contact MPCU or any financial institution directly to verify and confirm the message came from a trusted source versus a cybercriminal.
We encourage you to stay alert and aware of these cybercrimes and understand how to stay safe from an account takeover. Pausing to verify the legitimacy of the correspondence before clicking on any link or sharing any personal or account information will help keep your identity safe and your money secure.