Business Daily Media

The Times

.

Account takeover is on the rise: how to protect yourself

KUALA LUMPUR, MALAYSIA - Media OutReach - 28 October 2022 - Everyone has a friend who has been subject to account takeover attack. With 24 billion exposed accounts available online, this type of identity theft is now rampant in the digital domain.

This article from OctaFX security experts explores the nature of account takeover attacks and advises on how to protect yourself from them.



A recent research by Digital Shadows showed that more than 24 billion exposed credential pairings are available for sale online. That is a 65 per cent increase from 2020, probably due to more sophisticated malware and social engineering, as well as improved credential sharing.

With passwords such as ‘123456’ still accounting for more than one hundred million exposed cases, account takeovers are bound to continue. However, there are ways to avoid them, which we will cover later in the article. First, let’s consider whether account takeover (ATO) is something that everyone really has to worry about.

Account takeover: how it happens

The ATO attacks are somewhat similar to burglary. Fraudsters or hackers either crack your password using special software—just as burglars do to open the doors of a building—or get it from you through social engineering and dedicated malware. Then they make it impossible for you to log into your account by changing the password. Unlike the case with burglars, you can lose all your sensitive information, as well as your money, at once. After online fraudsters take all they want from your accounts, they might sell it on the dark web as part of a database consisting of such accounts.

There are several most common types of account takeover attacks carried out to steal your credentials:

  • Social engineering. These types of attacks typically use phishing emails from a service or organisation you are expected to trust, such as your bank, a broker, or a payment system. This email attempts to steal your personal information, including logins and passwords. Social engineers might also call you (that’s called vishing) and pretend to be bank representatives or customer service workers of some of the services you use. Then they attempt to trick you into giving them your login credentials or other sensitive information.
  • Malware. It’s easy to download malware accidentally. It may look just like another message from a client with an attached file, or as a file of a book you wanted to read so much. However, if you open it, there’s almost no way back—the program can encrypt all the files on your computer and block your system. The only way to decrypt the files and unblock the system is typically a hefty ransom.
  • Automated attacks. This type of ATO attack involves brute-forcing passwords, credential stuffing, where credentials obtained from an attack on one service are used for logging into other services, and password spraying, where a few common passwords are used for logging into different accounts.
  • Cyber attacks. Hackers might exploit vulnerabilities in applications and sites to obtain their user databases with logins and passwords. Then they either sell the databases on the dark web or try to use them themselves.

Five tips from OctaFX on how to protect your accounts from takeover

The OctaFX security experts have come up with several important rules that every internet user must follow to protect their accounts from cyber attacks:

  • Always use strong passwords. Many strong passwords. Ideally, let each of your accounts have its own password. For critical accounts, create passwords longer than ten characters, with combinations of upper-case and lower-case letters, numbers, and special characters. Use password managers, such as KeePass, to store your passwords.
  • Use MFA (multi-factor authentication), such as 2FA (two-factor authentication), to confirm your identity via email notification, smartphone, PIN, fingerprints, or facial recognition. An alternative to MFA is an authenticator app, which generates random six-digit codes every thirty seconds that you must enter when trying to log into your account.
  • Don’t use your work email address for personal use. Preferably, use multiple personal email addresses.
  • Don’t save your bank cards with any online store. When buying something on the internet, make sure the site you are using is reliable and secure.
  • Don’t use public Wi-Fi or any other public network when logging in to important accounts.
  • Don’t follow suspicious links and don’t download attachments from suspicious emails that you have not seen before.

Preventive measures against potential ATO attack

Don’t panic. If you received a message indicating that someone is trying to log into your account, check its login history and the devices that have access to it, if such information is available. If anything seems suspicious to you, or you know for certain that it wasn’t you who entered the account, change your password immediately. Look carefully if any information of yours has been altered or removed, and try to recover it.

Four steps to take after an ATO attack

  • Try to regain access to your accounts. If you are lucky and the fraudsters haven’t changed your password or removed your recovery phone number, you can access your account and change the password yourself. Remember to do it quickly!
  • If you cannot log into your account any more, try contacting the support team of the service or site with which you have the account. Ask them to block your account. Be ready to provide evidence proving that you owned the account in the first place, as well as your identity documents.
  • If cybercriminals took over your primary email account, make sure they cannot access other platforms and services linked to it, especially the ones with your bank card added as a payment method. Ideally, call the bank and ask to block all the cards you used for internet payments. Try to remove the compromised email from all accounts you still have control over. Criminals will easily log into most of them, having access to your email.
  • If your work email is under attack, immediately notify your employer and ask the tech department to block all access the email account has to sensitive business information.

An account takeover is something anyone may encounter at some point in their internet life. Following the above rules significantly reduces the risk of becoming a victim of ATO and losing all your most important accounts at once.

Hashtag: #OctaFX

The issuer is solely responsible for the content of this announcement.

About OctaFX

is a global broker that has been providing online trading services worldwide since 2011. It offers commission-free access to financial markets and a variety of services utilised by clients from 150 countries who have opened more than 12 million trading accounts. Free educational webinars, articles, and analytical and risk management tools the broker provides help traders reach their investment goals.

The company is involved in a comprehensive network of charity and humanitarian initiatives, including the improvement of educational infrastructure, short-notice relief projects, and supporting local communities and small to medium enterprises.

In the APAC region, it managed to capture the 'Decade Of Excellence In Forex Asia 2021' award and the 'Best Forex Broker Malaysia 2022' by Global Banking And Finance Review, World Finance, and Cfi.Co, respectively.

News from Asia

CG Capital, the Leader in Branded Residences in Thailand, Marks Milestone Success for InterContinental Residences Bangkok Asoke Amid Global Economic Uncertainty

Reaffirming Thailand's status as a world destination for the luxury residences market BANGKOK, THAILAND - Media OutReach Newswire - 30 June 2026 - CG Capital Advisory Limited (CG Capital), ...

FastMed HK Welcomes Greater Bay Area Visitors to Access Doctor Assessment and Prescription Dispensing Services in Hong Kong

HONG KONG SAR - Media OutReach Newswire - 30 June 2026 - FastMed HK, a Hong Kong online dispensing platform, has announced its continued focus on supporting Hong Kong residents and Greater Bay Are...

L’Occitane en Provence Marks 50 Years of Crafting Life Ties, Unveils Global Reinvention and Celebrates in Malaysia with "Maison Surprise"

From Haute‑Provence to the World, a New Chapter Where Beauty Connects People, Communities and NatureKUALA LUMPUR, MALAYSIA - Media OutReach Newswire - 30 June 2026 - L'Occitane en Provence celebra...

Dusit International brings its Dusit Collection brand to Japan with the opening of a Kengo Kuma-designed lakeside retreat in Hokkaido

WE Hotel Toya, Dusit Collection combines distinctive architecture, private open-air bathing experiences, refined dining, and Dusit's signature Thai-inspired gracious hospitality on the shore...

Post-Pandemic Health Upgrade Drives Global Brands to Southeast Asia: High-Purity Omega-3 Leader WHC Selects Singapore as Strategic First Hub

SINGAPORE - Media OutReach Newswire - 30 June 2026 - WHC, the Belgium-based premium Omega-3 brand, today officially announced the launch of its flagship fish oil supplement, UnoCardio 1000, in Sin...

PRHK 2026 Benchmark Report highlights how Hong Kong’s IPO revival, AI, and the GBA are reshaping the SAR’s PR industry

The Image-Makers Look in the Mirror, and Like What They See (Mostly)HONG KONG SAR - Media OutReach Newswire - 30 June 2026 - The Hong Kong public relations industry has a renewed sense of optimism...

Competition, Workplace Safety and Financial Pressures Shape Risk Agenda for Korean Businesses, Aon Survey

Competition rises as the top risk, reflecting intensifying markets, while workplace safety accountability remains high amid a stricter regulatory environment Liquidity and natural...

Save the Children Hong Kong’s Play to Thrive: Prioritising Personal Growth Over Competitive Success

World Cup Fever Returns: Learning Emotional Management on the PitchHONG KONG SAR - Media OutReach Newswire - 30 June 2026 - The four-yearly World Cup is in full swing, and the football fever once ...

Sri Lanka Bar Smoke & Bitters Honoured With Coveted Michter’s Art Of Hospitality Award As Part Of Asia’s 50 Best Bars 2026

The acclaimed island bar becomes the first Sri Lankan venue to receive this prestigious hospitality awardLONDON, UNITED KINGDOM - Media OutReach Newswire - 30 June 2026 – Sri Lanka's celebrated co...

Greenworks Deepens Its Localisation Strategy in Europe, Building a New Pillar for Global Growth

FLORENCE, ITALY - Media OutReach Newswire - 30 June 2026 - At the Greenworks European Dealer Conference, Greenworks announced the rollout of its 24V PowerAll power tool range across Europe, markin...

Australian businesses lean into global strategic partnerships (GCCs) for next wave of outsourcing

The Australian corporate landscape is undergoing a fundamental transformation in how it sources talent and innovation. While businesses have traditi...

The New Pressure Gap Crushing Small Businesses

Starting any business and making it prosper is a major undertaking. Part of the challenge is managing the uncertainty, but the financial pressures o...

Click Frenzy returns with a free EOFY sale event for retailers this month

New owners Gabby and Hezi Leibovich bring back Australia’s leading ecommerce sales event with Australia Post as Major Sponsor   Click Frenzy is ...

The 95 Per Cent Failure Rate Is Not An AI Problem

Most Australian SMEs I speak with are already having a go at AI. Some are running formal pilots, others have a team member quietly experimenting o...

New AR tech helping to solve field service skills crisis

AI-enabled augmented reality (AR) smart glasses are emerging as a new practical solution to fill a shortage of field service technicians maintaini...

For Midsize Companies, Global Payroll Systems Matter More to Business-Security Than You Think

When a midsize company expands across borders, its payroll operation becomes exponentially more complex. These organisations typically face a new ...