The Doppelganger: Account Takeover Fraud (ATO)

Backspace Tech
Mar 29, 2024

Cyber Chaos Strikes: Millions Plagued by Digital Intrusion!

· Shocking Surge: 29% of Population Falls Victim to this Unprecedented Epidemic!

· Workplace Warfare: Business Accounts Targeted in this Onslaught.

· Year of Terror: One in Five Suffered this Devastating Assault.

· Social Media Meltdown: Over Half of All Breaches Strike Online Profiles!

· Financial Fiasco Unfolds: Victims Lose $180 on Average!

Curious about what the “alarming” thing we are talking about is?


It's none other than the nefarious “Account Takeover Fraud”.

Let’s get to know this havoc!

Account Takeover Fraud (ATO)

Account Takeover Fraud (ATO) is when a cyber attacker/hacker gains control of a legitimate online account, such as a bank account, email account, or social media profile, without the owner’s consent. This unauthorized access is typically achieved by acquiring the account holder’s login credentials through methods like phishing, malware attacks, or exploiting data breaches.

You have watched the teaser of this abysmal issue!

Let us scout the full picture now!

How Is ATO Done?


· Phishing

· Malware

· Mobile Banking Trojans

· Credential Stuffing

· Session Hijacking


Phishing:

Phishing is a type of cyberattack that relies on social engineering, i.e., it manipulates people rather than exploiting technical vulnerabilities. Criminals use emails, texts, or social media messages that appear to be from legitimate sources, like banks or social media platforms. These messages create a sense of urgency or fear, tricking the victim into revealing sensitive information.


Malware:

Malware, aka malicious software, is designed to harm a victim’s computer system. In account takeover, malware acts as a tool to steal a user’s login credentials.

Here’s how it works:

Tricking the User:

Attackers might disguise malware as:

  • Downloads from untrusted sources: Apps downloaded from unofficial app stores or websites can be laced with malware.
  • Fake updates: Pop-ups mimicking legitimate software updates (e.g., Flash player) can trick users into installing malware.

Types of Malware for Credential Theft:

  • Keyloggers: Once installed, they record everything a user types, including usernames, passwords, and banking credentials.
  • Trojans: These masquerade as harmless software but steal data in the background after installation.

By installing these on a victim’s device, attackers can steal their login credentials and potentially gain access to their bank accounts or other sensitive information.

Mobile Banking Trojans:

A mobile banking trojan operates by displaying a counterfeit screen overlay on the user’s device interface, intercepting login credentials entered by the user. This malicious software can also manipulate transaction data, redirecting funds to fraudulent accounts. The trojan persists during subsequent transactions, altering data such as fund transfers to surreptitiously redirect money.

Credential Stuffing:

Credential stuffing is a brute-force attack method wherein hackers deploy numerous combinations of usernames and passwords until they gain access to an account. Using bots, attackers systematically test compromised credentials across various websites or applications. Password cracking tools automate this process by employing leaked or stolen usernames alongside common password dictionaries, potentially supplemented with custom dictionaries.
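From the defender's side, the bot behaviour described above leaves a recognisable trace in authentication logs: one source trying many different accounts and mostly failing. The following detection sketch is an added example, not code from the original post; the event layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (epoch_seconds, source_ip, username, login_succeeded)
SAMPLE_EVENTS = (
    # One source cycling through many accounts; one login (user6) succeeds.
    [(1000 + 10 * i, "203.0.113.7", f"user{i}", i == 6) for i in range(8)]
    # One user mistyping a password a few times: failures, but a single account.
    + [(1000 + 20 * i, "198.51.100.4", "alice", i == 3) for i in range(4)]
    # An ordinary successful login.
    + [(1200, "192.0.2.15", "bob", True)]
)


def detect_credential_stuffing(events, window=300, min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct usernames with a high failure ratio.

    Returns {source_ip: sorted usernames that logged in successfully while the
    source was flagged}. Those accounts are the likely takeovers and should get
    a forced password reset and session revocation.
    """
    recent = defaultdict(deque)  # source_ip -> events inside the sliding window
    flagged = defaultdict(set)   # source_ip -> accounts that succeeded under attack
    for ts, ip, user, ok in sorted(events):
        q = recent[ip]
        q.append((ts, user, ok))
        while q and ts - q[0][0] > window:  # drop events older than the window
            q.popleft()
        users = {u for _, u, _ in q}
        failures = sum(1 for _, _, o in q if not o)
        if len(users) >= min_users and failures / len(q) >= min_fail_ratio:
            flagged[ip].update(u for _, u, o in q if o)
    return {ip: sorted(hit) for ip, hit in flagged.items()}


if __name__ == "__main__":
    for ip, accounts in detect_credential_stuffing(SAMPLE_EVENTS).items():
        print(f"{ip}: suspected stuffing, accounts to reset: {accounts}")
```

Keying on distinct usernames per source is what separates this pattern from a single customer retyping a forgotten password, which produces failures against one account only.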

Session Hijacking:

Session hijacking involves unauthorized access to authenticated user sessions by stealing session and authentication tokens stored on client devices, through techniques such as a Man-In-The-Middle (MITM) attack.

In an MITM attack, hackers intercept user data transmission, often exploiting insecure public networks. By positioning themselves between users and financial institutions, they clandestinely manipulate and gather data, sometimes setting up fake Wi-Fi networks to lure unsuspecting users. Additionally, vulnerable mobile banking applications can be exploited for session hijacking.


· Phone Scams

· SIM Card Swapping

Phone Scams:

Phone scams involve perpetrators deceiving individuals over the phone, with seniors frequently targeted due to factors like listed phone numbers, homeownership, savings, and good credit. Particularly vulnerable seniors, such as those with dementia, are at higher risk of repeated exploitation.

SIM Card Swapping:

SIM card swapping involves a fraudulent scheme where a fraudster manipulates mobile carriers’ services to transfer a victim’s mobile phone number to a new SIM card. The fraudster impersonates the victim and convinces a call center agent to port the number to the illegitimate SIM card.

Subsequently, the fraudster gains control of the victim’s mobile number, enabling unauthorized access to banking apps and potentially compromising security mechanisms like one-time passwords sent via text messages. This facilitates fraudulent transactions and unauthorized banking operations.

How Account Takeover Fraud Happens:

1. Fraudster gains access to victims’ accounts using compromised credentials

2. Fraudster initiates small, non-monetary changes to account details, such as modifying personally identifiable information, changing the password, etc.

[Note: These changes appear regular and are harder to detect as fraudulent]

3. If changes are successful, the fraudster gains the freedom to proceed with financial and other transactions.

4. Fraudster utilizes victims’ accounts for money transfers, taking out loans in victims’ names, etc.

5. Gather more information from victims’ accounts. More data facilitates easier access to additional victim accounts and services.
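Because the non-monetary changes in step 2 look routine on their own, a useful control is to correlate them with what follows: a transfer shortly after profile changes made from a device the account has never used. The rule below is an added example, not code from the original post; the event names, device identifiers, hold window and sample data are assumptions constructed for illustration.

```python
# Constructed sample data: devices previously seen for each account.
KNOWN_DEVICES = {"acct-1": {"dev-a"}, "acct-2": {"dev-b"}}

# Constructed sample events: (epoch_seconds, account, event_type, device_id)
SAMPLE_EVENTS = [
    (100, "acct-1", "login", "dev-x"),            # step 1: unrecognised device
    (160, "acct-1", "change_phone", "dev-x"),     # step 2: non-monetary changes
    (220, "acct-1", "change_password", "dev-x"),
    (900, "acct-1", "transfer", "dev-x"),         # step 4: money movement
    (100, "acct-2", "login", "dev-b"),            # owner on a known device
    (150, "acct-2", "change_password", "dev-b"),
    (300, "acct-2", "transfer", "dev-b"),
]

PROFILE_CHANGES = {"change_password", "change_phone", "change_email", "change_address"}
MONETARY = {"transfer", "loan_application"}


def flag_ato_sequences(events, known_devices, hold_window=86400):
    """Return (account, event_ts, changes) for each monetary event that follows
    profile changes made from an unrecognised device within hold_window seconds.

    A flagged event is a candidate for a hold plus step-up verification over a
    contact channel that predates the profile changes.
    """
    risky_changes = {}  # account -> [(ts, change_type)] from unrecognised devices
    alerts = []
    for ts, account, kind, device in sorted(events):
        unrecognised = device not in known_devices.get(account, set())
        if kind in PROFILE_CHANGES and unrecognised:
            risky_changes.setdefault(account, []).append((ts, kind))
        elif kind in MONETARY:
            recent = [k for t, k in risky_changes.get(account, [])
                      if ts - t <= hold_window]
            if recent:
                alerts.append((account, ts, recent))
    return alerts


if __name__ == "__main__":
    for account, ts, changes in flag_ato_sequences(SAMPLE_EVENTS, KNOWN_DEVICES):
        print(f"hold transfer at t={ts} on {account}: preceded by {changes}")
```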

Let us learn about the calamity!

The Repercussion

On Customers,

Account takeovers have a profound impact on customers:

  • Financial loss and inconvenience are the primary outcomes.
  • Incessant back-and-forth between the merchant and the bank for help.
  • A stressful and time-consuming process.

On Issuing Banks,

The negative impact of account takeover fraud on issuing banks encompasses several key aspects.

  • First, there will be a notable increase in chargeback occurrences, representing a financial burden.
  • Additionally, the versatility of fraudsters may extend to activities like money laundering, further complicating the situation.
  • The investigation process is often challenging, leading to escalated operational costs.
  • Moreover, customer dissatisfaction can tarnish the bank’s reputation.
  • Compliance with card network thresholds for fraud filing is crucial, as failure to meet them can result in penalties, including criticism of the bank’s fraud detection capabilities.




Backspace Tech

Backspace Tech offers Fintech-as-a-Service to automate, simplify, and disrupt the payment industry by handling chargeback requests through a plug-and-play model.