By Amber Buening, Security Outreach Director at Huntington Bank
Key Takeaways
- Brand impersonation and account takeover (ATO) combine to pose a serious threat to organizations, as stolen credentials can be used to steal funds, valuable data, intellectual property, or disrupt operations.
- Threat actors use a variety of tactics to lure victims into downloading malware or sharing their credentials, including malicious ads and fake website login pages.
- Protecting your organization’s online presence by registering similar domains and setting up official social media accounts can help cut down on brand impersonation.
- Following strong cybersecurity practices can reduce the likelihood of corporate account takeover.
Is your brand being used for malicious purposes? A concerning trend shows threat actors are posing as known businesses online to capture login credentials or sensitive financial information from employees and the public alike. Credentials stolen through this brand impersonation can be wielded to steal funds and shut down operations in what’s known as account takeover (ATO).
An organization’s reputation and finances are at stake with this threat. Understanding brand impersonation and ATO tactics, as well as preventative measures, can help you mitigate these imposter risks.
Understanding the Cyber Threat
Brand impersonation occurs when threat actors mimic a trusted entity, such as a well-known brand or business partner, to deceive employees, customers, vendors, and other users. Attackers can gain access to sensitive financial and account information through tactics like mimicking a trusted entity's websites, emails, and ads. The FBI has noted a rise in cybercriminals posing as known companies in search engine advertisements to lure victims to malicious sites where they can steal credentials or install ransomware.
Corporate account takeover (ATO) involves threat actors stealing employee credentials – often through social engineering tactics or malware – to gain access to corporate accounts. From there, threat actors can initiate unauthorized transactions, steal funds, expose sensitive information, and even disrupt organizations. These attacks come at great cost, with AARP reporting that ATO fraud resulted in nearly $13 billion in losses in 2023, a sharp increase from the prior year’s $11 billion†.
Easier access to generative AI and machine learning tools has unfortunately aided these attacks by increasing both the frequency and the effectiveness of these tactics. Threat actors are leveraging AI tools to generate realistic impersonation emails and replicate trusted brand imagery, making malicious activity harder to identify.
Who is Most at Risk?
Industries such as healthcare, utilities, and eCommerce are particularly vulnerable due to their reliance on sensitive data and high transaction volume. However, the threat extends across all sectors for businesses of every size. One report found 83% of surveyed organizations experienced an account takeover attack in the past year, highlighting this danger’s pervasiveness‡. Larger companies and brands are typically the focus for brand impersonations, but any business could be targeted.
How the Attacks Work
Cybercriminals use a variety of tactics to lure victims into downloading malware or sharing their credentials. Here are four strategies commonly employed to execute brand impersonation and ATO schemes:
- Deceptive Advertising: Threat actors purchase ads that appear at the top of search engine results using a domain similar to a legitimate business§. These ads, known as “malvertising”, use known brand logos and voice to mimic legitimate businesses and direct users to fake websites designed to collect credentials or deploy malware.
- Fake Websites and Login Pages: Threat actors replicate the login pages of trusted platforms such as Office 365, luring employees into entering their credentials. Once the login information has been harvested, attackers can gain access to sensitive accounts, often undetected.
- Social Engineering: People are inherently trusting and helpful, and threat actors use that to their advantage. In a social engineering attack, threat actors impersonate executives or trusted business partners (both within the organization and outside of it) to manipulate employees into taking an action. Typically, that action is transferring funds or divulging login information, and the request is delivered with a sense of urgency.
- Phishing: This tactic is a classic for a reason. In this surprisingly effective strategy, threat actors send an email mimicking a known brand or trusted person that contains a malicious link or a malware-laden attachment. With the continuing emergence of generative AI, these attacks have only become more effective and harder to recognize.
Six Prevention Strategies and Actions to Help Protect Your Organization
1. Monitor Account Activity and Verify URLs
- Use alerts to track account changes and monitor activity.
- Never click links directly from emails or texts. Instead, navigate to websites through secure, bookmarked URLs to review logs, messages, or notices. Doing this helps reduce the risk of clicking on malicious search engine advertisements.
- Consider using a password manager. These tools can help ensure your credentials are only used for authenticating to your saved sites. A malicious site will have a different address, so it will not match the site saved in the password manager, and the manager will not fill in the credentials.
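The "navigate through bookmarks, never from a link" rule and the password manager's address matching rest on the same check: the host a link actually leads to must equal a saved, trusted site, not merely resemble it. The following Python script is an added example, not code from the original article, that performs that check over a handful of constructed lure links (all .example and .test names are assumptions). It rejects plaintext HTTP, the trusted name placed as a subdomain of an attacker's domain, hyphenated lookalikes, user-info tricks such as https://online.bank.example@evil.test, punycode (xn--) hosts that can hide homoglyphs, and the trusted name appearing only in a query string.

```python
"""Verify that a link actually leads to a bookmarked, trusted site before using it.

Added example, not from the original article. It mirrors the check a password
manager performs before filling credentials: the destination host must match a
saved site exactly (or be a subdomain of it), not merely look like it.
All host names below are constructed (.example / .test) for illustration.
"""
from typing import Optional
from urllib.parse import urlsplit

# Constructed: the bookmarked sites the user navigates to directly.
TRUSTED_HOSTS = {"online.bank.example", "login.cloudmail.example"}


def extract_host(url: str) -> Optional[str]:
    """Return the host a link really points to, or None if it carries a red flag.

    Red flags: a non-HTTPS scheme, user-info before the host
    (https://online.bank.example@evil.test actually reaches evil.test), a
    non-ASCII or punycode (xn--) host that may be a homoglyph of a real name,
    or no host at all.
    """
    parts = urlsplit(url.strip())
    if parts.scheme.lower() != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = parts.hostname  # lowercased; port and user-info already stripped
    if not host or not host.isascii():
        return None
    if any(label.startswith("xn--") for label in host.split(".")):
        return None
    return host


def is_trusted_link(url: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """True only when the host equals a trusted host or is a subdomain of one.

    The suffix test uses a leading dot, so online.bank.example.evil.test is
    rejected, and exact comparison rejects online-bank.example.
    """
    host = extract_host(url)
    if host is None:
        return False
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def classify_links(urls):
    """Map each link to 'trusted' or 'suspicious'. A suspicious link should be
    replaced by typing in or opening the bookmarked address instead."""
    return {u: ("trusted" if is_trusted_link(u) else "suspicious") for u in urls}


# Constructed sample links of the kind found in email and search-ad lures.
SAMPLE_LINKS = [
    "https://online.bank.example/login",                    # the bookmarked site
    "https://online.bank.example:443/account/alerts",       # explicit port, same host
    "http://online.bank.example/login",                     # plaintext HTTP
    "https://online.bank.example.evil.test/login",          # trusted name as a subdomain of an attacker domain
    "https://online-bank.example/login",                    # hyphenated lookalike
    "https://online.bank.example@evil.test/login",          # user-info trick
    "https://xn--onlne-bank-7zb.example/login",             # punycode host (constructed label)
    "https://evil.test/?next=https://online.bank.example",  # trusted name only in the query string
]

if __name__ == "__main__":
    for link, verdict in classify_links(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

Only the first two links are reported as trusted; every other entry is a different destination even though the trusted name appears somewhere in it, which is exactly why a password manager keyed on the saved address will decline to fill credentials on them.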
2. Treat Messages with Caution
- Use a secure email solution and monitor message change notifications.
- Be suspicious of unsolicited contact via email or social media from any individual you do not know personally, and of any message enticing you to open a link or attached file.
3. Verify Who’s Contacting You
- Require dual authorization, meaning a second approver, for any changes to accounts, financial information, or similar decisions.
- Confirm requests for account changes or financial actions via alternate communication channels, such as a known phone number or in-person conversation with the trusted business partner.
4. Educate Employees, Customers, and Vendors
- Prioritize employee education on common cybersecurity tactics to reduce incidents.
- Train employees on identifying phishing attempts and recognizing legitimate software download sources.
- Vendors and other third-party entities could fall victim to impersonation and ATO, introducing further risk to your organization. Practicing strong third-party risk management that includes brand impersonation and account takeover awareness can help mitigate it.
- Consider warning customers about the rise in these threats. This has a dual benefit: it can help prevent customers from becoming victims, and it reinforces your organization’s commitment to security.
5. Safeguard Your Domain and Online Presence
- Register variations of your domain name to help prevent spoofing.
- Consider investing in domain protection services that notify you when domains similar to the ones you own are registered.
- Protect your brand on social media platforms by registering official accounts, even if you’re not planning on being active on the platform.
- Registering your company's trademarks with Google and Microsoft Bing can help cut down on advertising abuse that leads to phishing.
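Registering domain variations and watching for similar registrations both start from the same list: the typosquat and lookalike forms of your brand name. The Python script below is an added example, not code from the original article or any Huntington tooling, that enumerates those variants (letter omission, transposition, repetition, confusable-character substitution, hyphen insertion and alternate TLDs) for defensive registration, and then screens a constructed feed of "newly registered" domains against the brand by edit distance and embedded-name checks, the way a domain protection service's alert rule would. The brand domain hbank.example, the TLD list and the feed are all assumptions made for the example.

```python
"""Enumerate lookalike variants of a brand domain worth registering or watching,
and flag newly registered domains that resemble the brand.

Added example, not from the original article or any Huntington tooling. The
brand domain hbank.example, the extra TLD list and the "newly registered"
domains are all constructed for illustration.
"""

BRAND_LABEL = "hbank"
BRAND_TLD = "example"
# Constructed: other TLDs a registrar would offer for defensive registration.
EXTRA_TLDS = ["net", "org", "co", "info"]
# Constructed subset of visually confusable characters (digits and similar shapes).
HOMOGLYPHS = {"a": "4", "b": "d", "h": "n", "k": "x", "l": "1i", "o": "0", "n": "mr"}


def lookalike_labels(label: str) -> list:
    """Typosquat variants of one DNS label: omission, repetition, homoglyph
    substitution, transposition and hyphen insertion."""
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])                 # omission      hbnk
        variants.add(label[:i] + label[i] * 2 + label[i + 1:])  # repetition    hbbank
        for sub in HOMOGLYPHS.get(label[i], ""):
            variants.add(label[:i] + sub + label[i + 1:])       # homoglyph     hbanx
    for i in range(len(label) - 1):
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])  # transposition hbnak
    for i in range(1, len(label)):
        variants.add(label[:i] + "-" + label[i:])               # hyphenation   h-bank
    variants.discard(label)
    return sorted(v for v in variants if v)


def lookalike_domains(label=BRAND_LABEL, tld=BRAND_TLD, extra_tlds=EXTRA_TLDS) -> list:
    """Candidate domains to register yourself or hand to a monitoring service."""
    domains = {f"{label}.{t}" for t in extra_tlds}
    domains.update(f"{v}.{tld}" for v in lookalike_labels(label))
    return sorted(domains)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by dynamic programming (one row kept at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_new_registrations(domains, label=BRAND_LABEL, tld=BRAND_TLD, max_distance=2) -> list:
    """Return (domain, reason) for each registration that resembles the brand.

    The registrable label is taken as the second-to-last DNS label, so
    secure.hbnk.example is judged on "hbnk". The brand's own domain is skipped.
    """
    flagged = []
    for d in domains:
        parts = d.lower().strip(".").split(".")
        if len(parts) < 2:
            continue
        reg_label, reg_tld = parts[-2], parts[-1]
        if reg_label == label and reg_tld == tld:
            continue  # the brand's own domain
        dist = edit_distance(reg_label, label)
        if reg_label == label:
            flagged.append((d, "brand name on another TLD"))
        elif dist <= max_distance:
            flagged.append((d, f"within edit distance {dist} of brand"))
        elif label in reg_label.replace("-", ""):
            flagged.append((d, "contains the brand name"))
    return flagged


# Constructed "newly registered" domains, as a zone file or monitoring feed would list them.
NEW_REGISTRATIONS = [
    "hbank.example",        # our own domain: not flagged
    "hbank.net",            # same name, other TLD
    "hbnk.example",         # omission
    "hbamk.example",        # substitution
    "hbank-login.example",  # brand name embedded
    "weather.example",      # unrelated
]

if __name__ == "__main__":
    print("Defensive registration candidates:")
    for d in lookalike_domains():
        print("  ", d)
    print("Flagged new registrations:")
    for d, reason in flag_new_registrations(NEW_REGISTRATIONS):
        print(f"   {d:24} {reason}")
```

The candidate list is what you would take to a registrar (or at least to a watch list), and the flagging rule is what you would tune in a monitoring service: a small edit distance catches typos and single-character swaps, the other-TLD rule catches hbank.net, and the embedded-name rule catches hbank-login.example, which is too far from the brand by edit distance alone.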
6. Adopt Strong Cybersecurity Practices Across Your Organization
- Follow password security best practices.
- Enable Multi-Factor Authentication (MFA) on all accounts (banking, social media, and so on) to add an extra layer of security by requiring a code or app confirmation for logins.
- Ensure your organization’s antivirus, malware protection, and email security software are active and running the latest available version.
- Protect your personal and corporate-managed business mobile devices by reviewing the National Security Agency’s best practices.
What to Do If Your Organization is Impersonated
The first step is to contain the threat by disconnecting compromised accounts from critical business systems and changing all credentials immediately, especially for privileged accounts. Follow your organization’s incident response plan to help mitigate damage.
If your organization is targeted through brand impersonation or fraudulent search engine advertisements, act swiftly by:
- Reporting fake accounts or advertisements through the abuse-reporting mechanism of the social media platform or website hosting provider to request takedown.
- Reporting the incident to the FBI Internet Crime Complaint Center (IC3) and to the Federal Trade Commission.
Protecting Your Organization’s Future
Brand impersonation and corporate account takeover threats are escalating. Businesses failing to address these risks could face severe financial and reputational damage. Huntington can support you with the insights, resources, and expertise needed to help you develop a strong cybersecurity and fraud prevention strategy. Explore our cybersecurity and fraud resources, then contact us to learn how we can help you protect your employees and your business.