What is Account Takeover?
Account Takeover (ATO) is the process of taking unauthorized possession of online accounts using stolen credentials. This unsanctioned access lets cybercriminals launch further attacks, including phishing and Business Email Compromise (BEC), take control of finances, and cause data loss.
Go behind the scenes of an account takeover as Paul Chavez, an email security expert, discusses how email account takeover (ATO) factors into business email compromise (BEC) & spear-phishing attacks.
Anatomy of an Attack
Account takeover-based email attacks are among the toughest to detect — and the most devastating. Launched from compromised accounts of legitimate users, these attacks prey on the trust established amongst individuals.
PHASE 1: Acquisition
Initial Compromise
Cybercriminals collect email account credentials or user client access via phishing attacks or purchase credentials over the dark web.
PHASE 2: Control
Establish Persistence
The attacker logs into the compromised account and changes account passwords or sets up a mail forwarder to establish control.
PHASE 3: Infiltration
Log in, Lay Low
The attacker monitors account activity and waits patiently to hijack important conversations amongst high-profile individuals.
PHASE 4: Execution
Launch Attack
Most ATO-based phishing scams are aimed at harvesting more credentials, but attacks may involve a BEC scam or the spread of ransomware.
PHASE 5: Exfiltration
Reap Rewards
Depending on the con, credentials are captured, sensitive data is ransacked, or stolen funds are retrieved—all while making it appear that the attack is coming from a legitimate user.
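From the defender's side, the Phase 2 changes described above (a password change or a new mail forwarder shortly after the attacker logs in) are the most observable part of the sequence. The following is an added example, not Agari's detection logic or code from this page: it correlates those changes with a login from an unfamiliar IP address. The event schema, field names, one-hour window, and sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events in a generic schema (not any vendor's log format).
EVENTS = [
    {"ts": "2024-03-02T08:05:00", "user": "alice@example.com", "type": "login", "ip": "198.51.100.10"},
    {"ts": "2024-03-02T09:00:00", "user": "alice@example.com", "type": "forward_rule_created", "target": "archive@example.com"},
    {"ts": "2024-03-03T02:14:00", "user": "bob@example.com", "type": "login", "ip": "203.0.113.50"},
    {"ts": "2024-03-03T02:20:00", "user": "bob@example.com", "type": "forward_rule_created", "target": "drop@mailbox.invalid"},
    {"ts": "2024-03-03T02:25:00", "user": "bob@example.com", "type": "password_changed"},
    {"ts": "2024-03-04T11:00:00", "user": "carol@example.com", "type": "login", "ip": "198.51.100.30"},
    {"ts": "2024-03-04T11:10:00", "user": "carol@example.com", "type": "forward_rule_created", "target": "carol@personal.invalid"},
    {"ts": "2024-03-05T10:00:00", "user": "dave@example.com", "type": "login", "ip": "203.0.113.77"},
    {"ts": "2024-03-05T13:30:00", "user": "dave@example.com", "type": "password_changed"},
]
# Constructed baseline: IPs each user has logged in from before.
KNOWN_IPS = {
    "alice@example.com": {"198.51.100.10"},
    "bob@example.com": {"198.51.100.20"},
    "carol@example.com": {"198.51.100.30"},
    "dave@example.com": {"198.51.100.40"},
}

def find_persistence(events, known_ips, org_domain, window=timedelta(hours=1)):
    """Return (user, action, severity) for control-establishing changes."""
    last_unfamiliar = {}  # user -> time of most recent login from an unknown IP
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user = ev["user"]
        if ev["type"] == "login":
            if ev["ip"] not in known_ips.get(user, set()):
                last_unfamiliar[user] = ts
            continue
        if ev["type"] == "forward_rule_created":
            # Only forwarders that send mail outside the organization are considered.
            if ev["target"].lower().endswith("@" + org_domain):
                continue
            action = "external_forwarder"
        elif ev["type"] == "password_changed":
            action = "password_change"
        else:
            continue
        seen = last_unfamiliar.get(user)
        if seen is not None and ts - seen <= window:
            findings.append((user, action, "high"))    # change follows unfamiliar login
        elif action == "external_forwarder":
            findings.append((user, action, "review"))  # external forwarder on its own
    return findings
```

A password change with no recent unfamiliar login is ordinary user behavior and is not reported; an external forwarder is always surfaced, at lower severity, because it persists after the session ends.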
The Agari Advantage
Account Takeover Discovery
Detecting unauthorized users in legitimate email accounts or user clients is critical to defending against account takeover-based attacks.
Fortra's Agari understands the complex information behind the email message and analyzes expected behaviors between sender and recipient to accurately determine if a message from a previously established email account should be trusted. With protection for both internal and outbound email, Agari provides 360° security for all advanced threats.
Account Takeover Prevention
Tricking people into downloading malware or logging into a fake website is core to an ATO-based attack. Identity deception makes it difficult for the victim to know if the sender has malicious intent, and advanced attacks hijack the conversation at appropriate times so the recipient never suspects anything.
By understanding good email-sending behaviors, Agari can spot anomalies and patterns that differ from the norm. Emails can be blocked based on the severity of divergence to ensure untrusted email never reaches the inbox.
Growing Smarter Every Day
It’s not enough to detect and react to attacks from a compromised account; they must be prevented and deterred before they strike. When phishing attacks are identified early, businesses can protect valuable customer information and reduce the risk of account compromise.
By combining best-of-breed services from Agari and Fortra’s PhishLabs, the Customer Phishing Protection product bundle stops domain spoofing, detects phishing campaigns, and mitigates the infrastructure threat actors rely on.
Even though your business may not have seen a threat, Agari and PhishLabs likely have. And because Fortra is at work already protecting organizations worldwide, it grows smarter and more effective each day.
See Agari Phishing Defense In Action
Try this product tour to see why companies including Chevron, Upwork, and Informatica use Agari Phishing Defense to protect their inboxes.