
Account takeover

(also account hijacking)

Account takeover definition

Account takeover, often called account hijacking, is a form of identity theft in which a malicious actor gains unauthorized access to a user's online account. The attacker typically gets in by exploiting weak authentication (for example, a password with no second factor), phishing the user for their login details, reusing credentials leaked in other breaches (credential stuffing), or guessing the password by brute force. Once in control, the perpetrator can use the account for fraud, steal the sensitive information it holds, damage the user's reputation, or change the password and recovery details to lock the legitimate owner out.
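The two login-abuse patterns named above leave different traces in authentication logs: brute force piles many failures onto one account, while credential stuffing spreads a few attempts each across many accounts from the same source. The following detector is an added example, not code from the original page or from any product it describes. It assumes a hypothetical log line format, illustrative thresholds, and constructed sample lines; it flags both patterns and then reports successful logins that followed them, which are the candidate takeovers an analyst would investigate first.

```python
"""Flag brute-force and credential-stuffing activity in constructed auth logs.

Added example. The log format, thresholds and sample data are assumptions for
illustration only and do not come from any real system.
"""
from collections import defaultdict
import re

# Assumed log format: "<timestamp> auth <FAIL|OK> user=<name> ip=<address>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample lines (documentation IP ranges, fictional users):
#   203.0.113.10 hammers "alice" until it gets in        -> brute force
#   198.51.100.7 tries one password per account          -> credential stuffing
#   192.0.2.5 is an ordinary user who typos once         -> benign
SAMPLE_LOG = """\
2024-05-01T10:00:01Z auth FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:02Z auth FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:03Z auth FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:04Z auth FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:05Z auth FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:06Z auth FAIL user=alice ip=203.0.113.10
2024-05-01T10:00:07Z auth OK user=alice ip=203.0.113.10
2024-05-01T10:01:00Z auth FAIL user=bob ip=198.51.100.7
2024-05-01T10:01:01Z auth FAIL user=carol ip=198.51.100.7
2024-05-01T10:01:02Z auth FAIL user=dave ip=198.51.100.7
2024-05-01T10:01:03Z auth FAIL user=erin ip=198.51.100.7
2024-05-01T10:01:04Z auth FAIL user=frank ip=198.51.100.7
2024-05-01T10:01:05Z auth OK user=grace ip=198.51.100.7
2024-05-01T10:02:00Z auth OK user=heidi ip=192.0.2.5
2024-05-01T10:02:30Z auth FAIL user=heidi ip=192.0.2.5
"""


def parse_log(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def brute_force_targets(events, max_failures=5):
    """Accounts with at least max_failures failed logins: user -> failure count."""
    fails = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            fails[e["user"]] += 1
    return {user: n for user, n in fails.items() if n >= max_failures}


def credential_stuffing_sources(events, min_accounts=5):
    """Source IPs that touched at least min_accounts distinct accounts: ip -> count.

    Successful attempts are counted too: a stuffing run usually ends in a hit.
    """
    users_per_ip = defaultdict(set)
    for e in events:
        users_per_ip[e["ip"]].add(e["user"])
    return {ip: len(u) for ip, u in users_per_ip.items() if len(u) >= min_accounts}


def suspected_takeovers(events, max_failures=5, min_accounts=5):
    """Successful logins for a brute-forced account or from a stuffing IP.

    Returned as (user, ip) pairs in log order. These are the sessions to
    investigate, since the attacker has already authenticated.
    """
    targets = brute_force_targets(events, max_failures)
    sources = credential_stuffing_sources(events, min_accounts)
    hits = []
    for e in events:
        if e["result"] == "OK" and (e["user"] in targets or e["ip"] in sources):
            hits.append((e["user"], e["ip"]))
    return hits


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("brute force:", brute_force_targets(evts))
    print("credential stuffing:", credential_stuffing_sources(evts))
    print("suspected takeovers:", suspected_takeovers(evts))
```

The thresholds are deliberately simple; in production they would be applied per time window and combined with signals such as a new device or a password change made shortly after the suspicious login, which is what the attacker does to lock the owner out.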

See also: brute-force attack, angler phishing, synthetic identity theft

Account takeover examples

  • E-commerce fraud: A malicious actor gains control of a user's online shopping account, places orders against the stored payment method, or changes the delivery address so that purchases ship to the attacker instead of the owner.
  • Social media hijacking: The attacker takes over a user's social media account and uses it to spread harmful content, scams, or spam to the victim's contacts, damaging the user's online reputation and exposing their followers to further attacks.

Preventing account takeovers

  • Strong, unique passwords: Use a long password that is unique to each account; a password manager makes this practical. Length and uniqueness matter more than mixing character classes. Never reuse a password across platforms, because a password leaked from one site is exactly what credential stuffing attacks try on every other site.
  • Two-factor authentication: Enable two-factor authentication wherever it is offered. A hardware security key or passkey resists phishing; an authenticator app or a one-time code still defeats attacks that rely on the password alone.
  • Avoid phishing attempts: Treat unsolicited emails or messages asking for your password, verification codes, or other account details with suspicion, and open the site directly rather than through a link in the message.
  • Regularly update software and devices: Keep your operating system, applications, and devices up to date with the latest security patches and updates.