Loading...

What is Email Account Takeover Fraud?

Published: June 25, 2024 by Theresa Nguyen

With more consumers online, bad actors are taking the opportunity to commit more financial crimes, such as account takeover fraud. This online scheme resulted in nearly $13 billion in losses in 2023, up from $11 billion in 2022.1 So, what do organizations need to know about this form of identity theft? And how can they prevent it?

Let’s explore one type of account takeover fraud: email account takeover.

What is email account takeover?

Email account takeover occurs when a fraudster gains access to a legitimate user’s email account through data breaches that expose credentials, purchasing from the dark web, or phishing scams. It’s usually one of the first steps in a broader account takeover scheme.

Once fraudsters have access to a consumer’s email or social media account, they have access to the private information in that consumer’s inbox: financial statements, health records, and other forms of PII. Fraudsters can also now use the consumer’s email to impersonate them with friends, family, financial institutions or other businesses they interact with.  

They can also gain access to other accounts and here’s where email account takeover becomes more dangerous. In this attack, the fraudster gains access to an email or mobile account. Once they have an email, they start by trying to guess the user’s password, commonly called a brute force attack, or through password spraying, where they use commonly used passwords, i.e. ‘password’ or ‘123123 A recent Google survey found that 65% of people use the same password for some or all of their online accounts. This, along with a corresponding email address can give fraudsters further entre into a consumers other accounts. If unsuccessful, they’ll then execute a ‘forgot password’, password reset, or onetime password. Then, they take over the victim’s account with their financial institution to facilitate the transfer of funds from the compromised account.

  • 57% of businesses are experiencing rising fraud losses associated with account opening and account takeover.2

While email account takeover can be quickly executed, detecting it can take time. Unlike credit card fraud, where an individual may soon notice suspicious activity, an email account takeover can go undetected for longer. The owner may not realize until later that their account has been compromised, especially with a dormant account or secondary account they use less. As a result, criminals have more time to facilitate additional attacks.

LEARN MORE: Explore 2024 fraud trends listed by Experian.

How does it affect your organization?

Account takeover fraud doesn’t just impact consumers, it can result in significant financial losses for organizations. For example, if your organization offers credit products, you might have to cover the costs of disputing chargebacks, card processing fees, or providing refunds. In the case of a data breach, you may have to pay fines against your organization for not properly protecting consumer information.

  • Nearly two-thirds of consumers say they’re very or somewhat concerned with online security.3

But email account takeover isn’t just costly — it can damage your organization’s reputation. Consumers expect organizations to have proper security measures in place to protect their information. If a data breach occurs, your security can seem weak, leading consumers to lose trust in your organization. As a result, they may potentially take their business elsewhere.

The importance of prevention

While consumers listed identity theft as their top concern when conducting activities online, they’re still interacting, opening new accounts, and transacting digitally.4 Coupled with the rise of account takeover fraud and associated losses, it’s more crucial than ever for organizations to accurately detect and prevent these attacks. To do this, they must have a proactive fraud prevention strategy in place.

Account takeover fraud prevention requires your business to maintain and continuously reaffirm confidence in the identity data you collect. Your team can monitor, segment, and proactively act on customer identities that display a higher risk of fraud than was determined at account origination through risk-based fraud detection models, machine learning, and advanced analytics.

Experian offers many flexible solutions, including:

  • CrossCore® Solutions are best practice-based groupings of fraud and identity products that enable organizations to solve common to complex issues. For example, our fraud risk solutions include email and phone intelligence to improve verification for thin-files and other challenging populations. Experian offers phone/carrierbased matching capabilities with address validity and occupancy data for >95% of U.S. households.
  • FraudNet is a device intelligence solution that analyzes hundreds of device attributes and prevents fraud on all digital channels. Combining contextual data, behavioral data, and device data, it bridges the gap between physical and digital identity to achieve fraud capture rates that exceed industry averages.

To further alleviate account takeover fraud, your organization can offer educational resources for fraud prevention. Using various, strong passwords across their accounts, and changing them regularly, is a foundational way consumers can help ensure their accounts are secure. Leveraging user names that are different from your email can also help. If a fraudster is able to takeover an account and initiate a lost password request, and that password is used for other accounts, that fraudster now has the credentials they need to further defraud that consumer. By spreading awareness about identity fraud risks and providing best practices for prevention, you can better protect your organization and consumers.

LEARN MORE: Building a multilayered fraud and identity strategy with CrossCore Solutions

Partnering with Experian

Email account takeover, along with other types of fraud, can be detected and prevented with the right partner. Experian’s fraud management solutions can help your organization accurately verify customers and assess risk with our account takeover and fraud management solutions.

Explore Experian’s account takeover solutions and watch an on-demand recording of our Fraud Risk and Identity Verification Solutions tech showcase.

Learn more Watch tech showcase

1 Identity Fraud Cost Americans $43 Billion in 2023, AARP.

2-4 2023 U.S. Identity and Fraud Report, Experian.

Related Posts

Dormant fraud is an especially insidious form of account takeover fraud that often goes undetected until it’s too late. Learn how to protect your organization.

Published: December 5, 2024 by Devon Smith

Organizations must stay ahead of fraudsters by leveraging technology, training, and collaboration to combat synthetic ID fraud.

Published: December 4, 2024 by Alex Lvoff

Browser fingerprinting, alongside other fraud prevention tools, can help businesses safeguard their operations and uphold customer trust.

Published: November 26, 2024 by Theresa Nguyen