Question: What is a data company doing writing about Account Takeover (ATO)? Answer: getting readers to understand what ATO is and how to use data to prevent it.
Account Takeover (ATO) is when a legitimate user’s online account – email, social media, banking, corporate systems, etc. – are accessed by an attacker. The reasons for doing this are not benevolent…
Some common sense ways to prevent this include:
- Using a password manager
- Using Multi-factor Authentication (MFA)
- Turning on account alerts
- Keeping abreast of cybersecurity best practices: phishing training, access control, and ongoing awareness training
What to do if you think you have an ATO issue:
- Lock the account
- Add MFA
- Reset your credentials
- Notify the system administrator for the account and/or IT
Using a data driven strategy to avoid ATO
- Simple telephone number authentication:
- make sure that the area code is valid (for an example: no area code begins with “1” or “0”
- Make sure the second three numbers (NXX) are valid (for an example “555” is invalid – that is why it is used for numbers in TV and movies)
- Simple email authentication:
- Ensure that the domain matches the email provider (example: “gmail” always ends in “.com”, “att” always ends in “.net”
- Watch for special characters
- Validate or research phone numbers and email addresses using secondary services – Identity Gateway from Digital Segment can be used to determine if a phone or email is active, and to whom it is assigned
Digital Segment provides many tools to our customers to assist them in identifying fraud or ATO situations. Please contact us for more information.