Account takeover is an attack in which a criminal gains control of a user's account, typically by obtaining or guessing that account's credentials. The attack has been growing for some time, as shown by its 282% increase between Q2 2019 and Q2 2020, and is expected to escalate further as businesses continue to rapidly adopt SaaS services like Microsoft 365, which place many services behind a single login.


How Does Account Takeover Happen?

Account takeover can occur in a number of ways, and the number of potential entry points is only increasing as businesses expand their use of digital communication and data storage platforms.

  1. Phishing and Spear Phishing
    Cybercriminals target users via email and trick them into revealing their login credentials, usually by directing them to a spoofed login page of a trusted service provider. The lure typically carries urgent messaging such as 'Your account has been locked due to a suspicious login attempt. Please confirm your identity to unlock your account.' Whatever the user types into the spoofed page goes straight to the attacker.

  2. Hacking
    This more traditional approach to account takeover involves an attacker guessing the password outright. Most commonly, attackers run automated scripts that work through password lists or character combinations until the service accepts one. A common variant, password spraying, tries a handful of likely passwords against many accounts instead of many passwords against one, which keeps each account below the failed-attempt threshold that would otherwise lock it.

  3. Social Engineering
    Social engineering attacks are often delivered via email and can initially look much like spear phishing campaigns. The key difference is that social engineering emails usually carry no malicious links or brand impersonation; instead the attacker impersonates a trusted person such as a co-worker, takes time to earn the target's trust, and then asks for the credentials of a business account directly.

  4. Credential Stuffing
    Data breaches and leaks happen far more often than we like to believe. Credentials exposed in one breach are sold or shared on the dark web, and buyers replay them with automated tools against a range of popular websites on the assumption that the victim has reused the same password across multiple accounts. Changing the password on the breached service therefore protects only that service: any other account that still shares the old password remains exposed, even if you have seen no suspicious activity on it yet.
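The three credential-guessing patterns above (brute force, password spraying and credential stuffing) leave different fingerprints in sign-in telemetry, and telling them apart matters because a per-account lockout stops only the first. The Python script below is an added example written for this article, not code from the original page or from any vendor product: it runs one detector per pattern over a constructed set of sign-in records shaped like Microsoft Entra ID (Azure AD) sign-in log entries. The thresholds, addresses, account names and the baseline of previously seen addresses are all assumptions made for the illustration and would need tuning against a real tenant's normal failure rate.

```python
"""Spot the three credential-guessing patterns in sign-in telemetry.

Added example for this article, not vendor code. The records below are
constructed for the illustration and mimic the shape of Microsoft Entra ID
(Azure AD) sign-in log entries; thresholds are assumptions to be tuned.
"""
from collections import defaultdict

# Entra ID sign-in result codes used here: 0 = success,
# 50126 = invalid username or password (what a wrong guess produces).
SUCCESS = 0
BAD_PASSWORD = 50126

# Assumed detection thresholds (tune to your tenant's normal failure rate).
BRUTE_FORCE_MIN_FAILURES = 20   # failures on one account from one source
SPRAY_MIN_ACCOUNTS = 10         # distinct accounts failed from one source
SPRAY_MAX_PER_ACCOUNT = 3       # sprayers stay below the lockout threshold
STUFFING_MIN_SOURCES = 10       # distinct sources each trying one leaked pair
STUFFING_MAX_PER_SOURCE = 2

# Constructed baseline: addresses already seen in earlier successful sign-ins.
BASELINE_IPS = {"10.0.0.4"}

# Constructed sign-in records (not real telemetry).
SIGNIN_LOG = [
    # Brute force: one source hammers one account with many passwords.
    *[{"user": "cfo@example.com", "ip": "203.0.113.5", "result": BAD_PASSWORD}
      for _ in range(40)],
    # Password spraying: one source tries one password against many accounts.
    *[{"user": f"user{i}@example.com", "ip": "198.51.100.9", "result": BAD_PASSWORD}
      for i in range(30)],
    # Credential stuffing: many sources, one leaked pair each; one pair works.
    *[{"user": f"staff{i}@example.com", "ip": f"192.0.2.{i}", "result": BAD_PASSWORD}
      for i in range(1, 25)],
    {"user": "staff7@example.com", "ip": "192.0.2.7", "result": SUCCESS},
    # Benign: a user mistypes twice from a known address, then signs in.
    {"user": "alice@example.com", "ip": "10.0.0.4", "result": BAD_PASSWORD},
    {"user": "alice@example.com", "ip": "10.0.0.4", "result": BAD_PASSWORD},
    {"user": "alice@example.com", "ip": "10.0.0.4", "result": SUCCESS},
]


def failures_by_source(log):
    """Map source IP -> {account: number of bad-password results}."""
    out = defaultdict(lambda: defaultdict(int))
    for rec in log:
        if rec["result"] == BAD_PASSWORD:
            out[rec["ip"]][rec["user"]] += 1
    return out


def detect_brute_force(log):
    """Sources that failed many times against a single account."""
    return [(ip, user, n)
            for ip, accounts in failures_by_source(log).items()
            for user, n in accounts.items()
            if n >= BRUTE_FORCE_MIN_FAILURES]


def detect_password_spraying(log):
    """Sources that touched many accounts with few attempts each. Per-account
    lockout never fires on this pattern, so it has to be counted per source."""
    return [(ip, len(accounts))
            for ip, accounts in failures_by_source(log).items()
            if len(accounts) >= SPRAY_MIN_ACCOUNTS
            and max(accounts.values()) <= SPRAY_MAX_PER_ACCOUNT]


def detect_credential_stuffing(log, baseline_ips=BASELINE_IPS):
    """Many previously unseen sources, each trying one account once or twice:
    the signature of a leaked credential list replayed through a botnet.
    Returns the source count and the accounts that then signed in successfully
    from one of those sources, i.e. the passwords that were reused."""
    sources = {ip for ip, accounts in failures_by_source(log).items()
               if ip not in baseline_ips
               and len(accounts) == 1
               and max(accounts.values()) <= STUFFING_MAX_PER_SOURCE}
    if len(sources) < STUFFING_MIN_SOURCES:
        return {"sources": len(sources), "compromised": []}
    compromised = sorted({rec["user"] for rec in log
                          if rec["result"] == SUCCESS and rec["ip"] in sources})
    return {"sources": len(sources), "compromised": compromised}


if __name__ == "__main__":
    print("brute force:", detect_brute_force(SIGNIN_LOG))
    print("spraying:   ", detect_password_spraying(SIGNIN_LOG))
    print("stuffing:   ", detect_credential_stuffing(SIGNIN_LOG))
```

The stuffing detector is the one worth the most attention operationally: the single successful sign-in it surfaces (here a constructed staff7 account) is the account to reset and review first, because a success from a never-before-seen address in the middle of a wave of one-shot failures is exactly what a reused password looks like from the defender's side.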


The Impact of Account Takeover

Depending on the nature of the compromised account, businesses can expect a wide range of impacts, from data loss to fraudulent financial transfers and reputational damage. One secondary threat that is growing is lateral phishing, where an attacker who has taken over a user's business mailbox uses it to send malicious messages to that user's contacts, inside and outside the organisation. Because the mail comes from a genuine account, it passes the usual sender checks and reads as trustworthy, leading to further account takeovers and a much larger overall impact.


Increased Risk to M365 Users

Unlike businesses that use separate services for email, internal communications, data storage and more, Microsoft 365 users reach all of these areas through a single account. That convenience appeals to new customers, and it appeals to attackers for the same reason: one stolen credential unlocks the mailbox, chat, files and every application that trusts the same identity. It therefore comes as no surprise that Microsoft was named the most impersonated brand in phishing attempts last year.


How to Combat Account Takeover

There are a number of ways to reduce the risk of account takeover, focusing both on securing the accounts themselves and on the email vector:

  • Security Questions 
    Users must answer pre-determined questions after successfully providing a password. This is a very basic form of additional protection: answers such as a mother's maiden name or a first pet are often guessable or discoverable from social media and earlier data breaches, so treat security questions as a weak supplement rather than a substitute for a genuine second factor.

  • Two-Factor Authentication (2FA)
    Requires a second proof of identity beyond the password, such as a one-time code or push approval from an authenticator app on a separate device, a code sent by SMS, or a hardware security key. An attacker who holds only the password is then still refused. SMS codes are better than nothing but can be phished or intercepted; methods bound to the legitimate site, such as FIDO2/WebAuthn security keys, also defeat the spoofed login pages described above because the key will not respond to a page on the wrong domain.

  • Login Attempt Limits
    Limiting the number of failed login attempts before an account is temporarily locked stops an attacker from spamming guesses against a single account. Be aware of the gaps: a lockout that is too aggressive or permanent lets an attacker lock legitimate users out on purpose, and password spraying stays below the per-account threshold by design, so pair the account limit with a per-source rate limit and alert on failed sign-ins spread across many accounts.

  • Employee Education 
    Employees are often the last line of defence against account takeover, so educating them on the signs and symptoms of a compromised account is essential. Training tools that simulate account takeover interactions or phishing emails help them protect their online identity and avoid social engineering tricks.

  • AI Detection 
    Static email policies can be tricked into treating account takeover attempts, whether they rely on brand impersonation or lateral phishing, as legitimate. An inbox defence solution that applies machine learning and behavioural analysis can flag unusual requests, suspicious language, and links to domains not associated with the brand being named.
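As an added example (not code from the original page or from any vendor product), the Python below implements the login attempt limit from the list above as a temporary per-account lockout and pairs it with a per-source rate limit, then replays a brute-force run and a password spray against it to show which limit stops which. The thresholds, the user store and the fake clock are assumptions constructed for the illustration.

```python
"""Per-account lockout plus per-source rate limiting for a login endpoint.

Added example for this article, not a product's code. Two limits are kept
because each covers the other's blind spot: per-account lockout stops brute
force on one account but not password spraying (a few guesses per account,
many accounts), while the per-source limit catches spraying but not a botnet
spreading one account's guesses over many addresses. All limits and user
data below are assumptions constructed for the example.
"""
import time
from collections import defaultdict, deque


class LoginGuard:
    def __init__(self, *, account_max_failures=5, account_lock_seconds=900,
                 source_max_attempts=20, source_window_seconds=60,
                 clock=time.monotonic):
        self.account_max = account_max_failures
        self.account_lock = account_lock_seconds
        self.source_max = source_max_attempts
        self.source_window = source_window_seconds
        self._clock = clock
        self._failures = defaultdict(int)       # account -> consecutive failures
        self._locked_until = {}                 # account -> unlock time
        self._source_hits = defaultdict(deque)  # ip -> attempt times in window

    def check(self, user, ip):
        """Call before verifying the password. Returns (allowed, reason)."""
        now = self._clock()
        until = self._locked_until.get(user)
        if until is not None:
            if now < until:
                return False, "account_locked"
            # The lock is temporary: a permanent lock would let an attacker
            # deny service to any user by guessing badly on purpose.
            del self._locked_until[user]
            self._failures[user] = 0
        hits = self._source_hits[ip]
        while hits and hits[0] <= now - self.source_window:
            hits.popleft()
        if len(hits) >= self.source_max:
            return False, "source_rate_limited"
        hits.append(now)
        return True, "ok"

    def record_failure(self, user):
        self._failures[user] += 1
        if self._failures[user] >= self.account_max:
            self._locked_until[user] = self._clock() + self.account_lock

    def record_success(self, user):
        self._failures.pop(user, None)
        self._locked_until.pop(user, None)


# Constructed user store. A real service compares against a salted hash
# (argon2/bcrypt) rather than storing or comparing plaintext.
USERS = {"alice@example.com": "correct horse battery staple"}


def attempt_login(guard, user, ip, password, users=USERS):
    """Throttle check, then password check, then bookkeeping."""
    allowed, reason = guard.check(user, ip)
    if not allowed:
        return reason
    # Unknown accounts are treated exactly like wrong passwords so the
    # response does not reveal which usernames exist.
    if users.get(user) == password:
        guard.record_success(user)
        return "success"
    guard.record_failure(user)
    return "bad_password"


def simulate():
    """Replay the two attack shapes against the guard with a fake clock."""
    now = [1000.0]                              # mutable fake clock
    guard = LoginGuard(clock=lambda: now[0])
    alice, pw = "alice@example.com", USERS["alice@example.com"]
    out = {}
    # Brute force: eight guesses on one account; the lock engages after five.
    out["brute_force"] = [attempt_login(guard, alice, "203.0.113.5", f"guess{i}")
                          for i in range(8)]
    # Even the right password is refused while the lock is in force ...
    out["locked_right_password"] = attempt_login(guard, alice, "10.0.0.4", pw)
    # ... and accepted once the lock window has passed.
    now[0] += 901
    out["after_expiry"] = attempt_login(guard, alice, "10.0.0.4", pw)
    # Spray: one source, one guess against each of 30 accounts. No account
    # reaches the lockout threshold; the per-source window stops it instead.
    spray = [attempt_login(guard, f"user{i}@example.com", "198.51.100.9", "Winter2024!")
             for i in range(30)]
    out["spray"] = (spray.count("bad_password"), spray.count("source_rate_limited"))
    return out


if __name__ == "__main__":
    for name, result in simulate().items():
        print(name, result)
```

Run it directly to print the outcome of each scenario. In a real deployment the guard sits in front of the password check, the clock is time.monotonic, and the counters live in shared storage such as a cache so that every login server sees the same state; the per-source key can be widened from a single address to a network range when an attacker rotates through nearby IPs.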