CIAM.wiki

Account Takeover (ATO)

Account takeover is an attack where a criminal gains control of a legitimate user's account, usually through stolen credentials, phishing, or social engineering, then uses it for fraud or theft.

Also: ATO, account takeover

Account takeover is the point where an attacker gains control of a real customer’s account. The common routes in are credentials reused from another breach, phishing that captures a password and one-time code, malware, and social engineering of support staff or the recovery flow.

Once inside, attackers drain stored value, make fraudulent purchases, harvest personal data, or use the trusted account to attack others. The damage extends beyond the direct loss to chargebacks, support cost, and erosion of customer trust.

Defending against it in CIAM means closing the routes in: phishing-resistant authentication such as passkeys removes the value of a stolen password, adaptive authentication raises friction on risky sign-ins, and a hardened account recovery flow stops attackers from using the reset path as a back door.
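To make the adaptive-authentication point concrete, here is an added example (written for this entry, not code from CIAM.wiki or any vendor): a risk scorer run over constructed sign-in events that raises friction for unfamiliar devices or countries and blocks sign-ins from an IP that has already failed against several distinct accounts, the pattern of credential reuse from another breach. The event fields, thresholds and per-user history are assumptions.

```python
from collections import defaultdict

# Constructed sample sign-in events (not real data), in arrival order.
EVENTS = [
    {"user": "alice", "ip": "203.0.113.5",  "device": "d1", "country": "US", "ok": True},
    {"user": "bob",   "ip": "198.51.100.7", "device": "x1", "country": "US", "ok": False},
    {"user": "carol", "ip": "198.51.100.7", "device": "x1", "country": "US", "ok": False},
    {"user": "dave",  "ip": "198.51.100.7", "device": "x1", "country": "US", "ok": False},
    {"user": "erin",  "ip": "198.51.100.7", "device": "x1", "country": "US", "ok": True},
    {"user": "alice", "ip": "192.0.2.9",    "device": "d2", "country": "BR", "ok": True},
]

# Assumed per-user history an identity provider keeps from past good sign-ins.
KNOWN_DEVICES = {"alice": {"d1"}, "bob": {"b1"}, "carol": {"c1"}, "dave": {"e1"}, "erin": {"e1"}}
KNOWN_COUNTRIES = {"alice": {"US"}, "bob": {"US"}, "carol": {"US"}, "dave": {"US"}, "erin": {"US"}}
SPRAY_THRESHOLD = 3  # distinct accounts one IP may fail against before it is treated as stuffing

def score_event(ev, known_devices, known_countries, failed_accounts_by_ip):
    """Additive risk score for one sign-in attempt; higher means riskier."""
    score, reasons = 0, []
    if ev["device"] not in known_devices.get(ev["user"], set()):
        score += 30
        reasons.append("new_device")
    if ev["country"] not in known_countries.get(ev["user"], set()):
        score += 30
        reasons.append("new_country")
    # One IP failing across many accounts is the signature of credential stuffing,
    # so even a *successful* sign-in from it is suspect.
    if len(failed_accounts_by_ip[ev["ip"]]) >= SPRAY_THRESHOLD:
        score += 50
        reasons.append("ip_spraying")
    return score, reasons

def decide(score):
    # Friction by score: block, step_up (passkey/MFA challenge), or allow.
    return "block" if score >= 70 else "step_up" if score >= 30 else "allow"

def assess(events, known_devices=KNOWN_DEVICES, known_countries=KNOWN_COUNTRIES):
    """Score events in order, updating the per-IP failure memory as they arrive."""
    failed_accounts_by_ip = defaultdict(set)
    out = []
    for ev in events:
        score, reasons = score_event(ev, known_devices, known_countries, failed_accounts_by_ip)
        out.append((ev["user"], decide(score), reasons))
        if not ev["ok"]:
            failed_accounts_by_ip[ev["ip"]].add(ev["user"])
    return out
```

Erin's sign-in succeeds with a valid password yet is blocked, because the IP had already failed against three other accounts; Alice's new device in a new country gets a step-up challenge rather than a block.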