Anatomy of an Account Takeover

Supervision News Flash
March 2021

In the world of cyber fraud, account takeovers loom large. Financial Crimes Enforcement Network Director Kenneth A. Blanco noted in 2019 that FinCEN was seeing approximately 5,000 account takeover suspicious activity reports monthly. In fact, FinCEN reports that in 2019, Fifth District depository institutions filed 8,115 suspicious activity reports related to account takeovers, with another 7,450 filed for 2020. With such a significant number of related filings, a discussion of the anatomy of an account takeover seems timely.

What is an account takeover? Account takeovers involve a cybercriminal gaining access to a customer’s online banking credentials, which are then used to access and transfer funds out of an account. A common method is social engineering through phishing emails and texts, including exploiting the recent pandemic to target customers who may want to seek assistance through provisions of the CARES Act. Once a customer falls for a phishing scheme and discloses their account credentials, the fraudster uses those credentials to establish an online transaction profile, and customer funds are then wired out to the fraudster.

To protect your customers from account takeover schemes, consider monitoring for the following red flags: the creation of an online banking profile where one didn’t previously exist, with money shortly wired out to unrelated individuals, or multiple deposits and/or withdrawals on the same account in the name of individuals with no apparent relationship to the customer. For a larger list of red flags and account takeover types, see the recent FinCEN Advisory FIN-2020-A005 and Director Blanco’s comments at the Federal Identity Forum and Exposition in September 2019.
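The two red flags above can be expressed as monitoring rules over an account event feed. The following is an added example, not code from the Richmond Fed or FinCEN; the event fields, the 72-hour window for "shortly", the threshold of three for "multiple", and the per-account list of known related parties are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed tuning values: the article says only "shortly" and "multiple".
WIRE_WINDOW = timedelta(hours=72)
MIN_UNRELATED_PARTIES = 3

def find_red_flags(events, known_parties):
    """Return sorted (account, flag) pairs for the two red flags above.

    events: dicts with account, type, time (ISO 8601) and party.
    known_parties: account -> names with an established relationship.
    """
    flags = set()
    profile_created = {}          # account -> when its first online profile appeared
    unrelated = defaultdict(set)  # account -> unrelated names on deposits/withdrawals
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        acct, when = ev["account"], datetime.fromisoformat(ev["time"])
        is_related = ev.get("party") in known_parties.get(acct, set())
        if ev["type"] == "profile_created":
            profile_created.setdefault(acct, when)
        elif ev["type"] == "wire_out" and not is_related:
            created = profile_created.get(acct)
            if created is not None and when - created <= WIRE_WINDOW:
                flags.add((acct, "new_profile_then_unrelated_wire"))
        elif ev["type"] in ("deposit", "withdrawal") and not is_related:
            unrelated[acct].add(ev["party"])
            if len(unrelated[acct]) >= MIN_UNRELATED_PARTIES:
                flags.add((acct, "multiple_unrelated_parties"))
    return sorted(flags)

# Constructed sample data (not real accounts or customers).
KNOWN = {"A-1001": {"Acme Payroll"}, "A-2002": {"Acme Payroll"}, "A-3003": set()}
EVENTS = [
    {"account": "A-1001", "type": "profile_created", "time": "2021-03-01T09:00:00", "party": None},
    {"account": "A-1001", "type": "wire_out", "time": "2021-03-01T15:30:00", "party": "J. Doe"},
    {"account": "A-2002", "type": "profile_created", "time": "2021-03-01T10:00:00", "party": None},
    {"account": "A-2002", "type": "wire_out", "time": "2021-03-01T12:00:00", "party": "Acme Payroll"},
    {"account": "A-3003", "type": "deposit", "time": "2021-03-02T08:00:00", "party": "P. One"},
    {"account": "A-3003", "type": "deposit", "time": "2021-03-02T09:00:00", "party": "Q. Two"},
    {"account": "A-3003", "type": "withdrawal", "time": "2021-03-02T10:00:00", "party": "R. Three"},
]

if __name__ == "__main__":
    for account, flag in find_red_flags(EVENTS, KNOWN):
        print(account, flag)
```

Account A-2002 is not flagged because its wire goes to a known party; hits on the other two accounts are leads for review, not confirmed fraud.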

We hope this information will aid in recognizing account takeover attempts and in educating customers on how to safeguard their account information. In future articles, we will discuss other specific account takeover methods criminals use to access customers’ credentials. For any questions, please reach out to your Richmond Fed central point of contact.