What is an Account Takeover?
Account takeover is an attack in which cybercriminals take ownership of online accounts using stolen passwords and usernames. These cybercriminals then use these credentials to commit fraud. They purchase cardholders’ Personally Identifiable Information (PII) via the dark web—typically gained from social engineering or data breaches. Stolen PII (e.g., name, address, email, phone number, date of birth, business name, cellphone provider, social media and login accounts and passwords) provides the necessary credentials for a fraudster to pose as a cardholder.
With this information fraudsters can engage with the cardholder’s financial organization and make changes to accounts or card settings to execute fraud. They may make demographic changes (e.g., phone numbers, emails, passcodes), or apply for increased limits, Personal Identification Number (PIN) changes and/or travel exemptions to suppress or interfere with our fraud-monitoring tools.
What can you do to prevent it?
CNB employs the highest level of security and fraud detection available, but the first step in preventing account takeover lies with you. Being cautious with your personal information is the best defense.
- Never use public wi-fi to access your bank accounts and be cautious of any emails or texts you receive that you weren’t expecting. Don’t click on links within them. Be aware of what information you choose to submit online and never easily provide personal information.
- If you receive an automated message you’re not expecting, do not respond to the call, text, or email. Contact the company in question using the official customer service number listed on the company’s legitimate website.
- Always keep two-factor authentication codes private. Do not provide them via phone, text, or email. These codes should only be used to sign into the banking, merchant, or payment account that you’re trying to access.
- Set up account alerts within Online and Mobile Banking to be notified of changes made to your accounts in real-time.
- To add alerts within the mobile app, click on More, then Alerts under Settings.
- Choose if you’d like push notifications and live updates.
- Choose from a variety of different alerts regarding account activity and security.