Fraudulent Account Takeover: How to Protect Your Usernames and Passwords

A fraudulent account takeover is when a cybercriminal takes over ownership of an online account using a stolen username and password. The username and password is often purchased illegally over the dark web. Your usernames and passwords can end up on the dark web through social engineering, data breaches, and other phishing attacks that are tailored to obtain your personal information.

What happens: After a cybercriminal gains access to an account, they will attempt to withdraw money, make purchases, or extract more personal information that they can sell or use the information to gain access to more of your online accounts.

How to protect yourself:

• Use a unique username for each online account.
• Do not use the same passwords for every account.
• Use complex passwords that are difficult to guess that contain numbers, special characters, a combination of lower and upper case letters, and words that are not found in the dictionary.
• Do not use personal information in your passwords (names, pets, birthdays, etc).
• Use multifactor authentication when available, making it more difficult to gain access to an account with a single password.
• Do not respond to social media quizzes or memes asking you questions like: What was your first car? What was the name of the street you grew up on? Where were you born? Etc.