Using compromised email accounts is the latest method of mayhem in the fraudster playbook.
There isn’t much relief in sight, either: according to a study by Javelin Research, account takeovers accounted for $2.3 billion in fraud in 2016, a 61% increase from 2015.
The first step a fraudster takes in an account takeover is to acquire a customer’s personal identification information. Some common ways that fraudsters steal account and personal information include:
- Purchasing credentials via dark web sites
- Searching social media or publicly available databases
- Conducting a phishing scam through email or messaging services
- Leveraging malware to install keyloggers that capture everything the victim types, credentials included
- Using a brute force password cracking tool
The worst part? This is all automated, so it happens on a huge scale.
When it comes to new transactions, fraudsters prefer to operate within email accounts they fully control. If they are taking over an existing email account, they will use what is already there, exploiting existing relationships for financial gain. Why? Because using a compromised email address to set up new accounts can alert the consumer to unauthorized activity.
Here’s what goes down.
Takeover & transact: What happens when an account is compromised
The first order of business for a fraudster in a compromised email account is to run a script that scans the mailbox for any accounts or information they can exploit for financial benefit.
Once the fraudster acquires enough personal information, they attempt to access the account and change the contact information. They will also try to collect personal information (such as billing address, credit card number or social security number) which they can use for further financial gain.
By changing account contact information, the fraudster locks the real customer out of the account. This allows them to place fraudulent orders, create new accounts, and cause havoc in general. If a cell phone carrier is identified, fraudsters will attempt to order new smartphones. If a retail account is available, they will attempt to use rewards points.
But the scam isn’t limited to business email accounts, either. One particularly nasty tactic fraudsters use is sending emails to contacts in the account address book. They pose as the actual account owner, attempting to get those contacts to download malware that compromises their accounts or collects personal information.
To protect themselves, consumers should have a robust, “very strong” password for email accounts. Take advantage of additional authentication measures offered by most providers, such as two-step verification when a sign-in comes from an unrecognized device. And the biggest thing, which I can’t stress enough: Don’t reuse passwords across several accounts.
How email risk assessment can identify compromised email accounts
Email risk assessment is the process of using a commonly collected piece of data, the email address, as the basis for transactional risk assessment and fraud prevention. This approach goes beyond basic comparative information. Instead, a complete picture of buyer reputation is built by combining the IP address, the email address and other information to validate identity and assess risk.
To identify potentially compromised email accounts, we look for behavior changes around how the email is used in transactions. There are certain signals from our network which can indicate that an email address has been potentially compromised. The biggest is whether the email address has been part of any large-scale data breaches. Second is velocity activity: has there been an uptick in the number of transactions in a given timeframe?
Above all, we count on our network members to report suspected events associated with that email to raise key risk indicators.
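The three signals described above (breach-corpus membership, a transaction-velocity uptick, and network member reports) can be combined into a simple compromised-account indicator. The code below is an added illustration, not the vendor's scoring logic; the breach set, report counts, transaction log, weights and thresholds are all constructed sample values.

```python
from datetime import datetime, timedelta

# Constructed sample inputs (hypothetical; not from the original post).
BREACHED_EMAILS = {"alice@example.com"}        # emails seen in large-scale breach dumps
MEMBER_REPORTS = {"alice@example.com": 1}      # suspected-event reports from network members

# (email, ISO-8601 timestamp) of transactions observed across the network.
TRANSACTIONS = [
    ("alice@example.com", "2017-02-03T09:15:00"),
    ("alice@example.com", "2017-02-17T18:40:00"),
    ("alice@example.com", "2017-03-01T08:05:00"),   # burst of activity on one morning
    ("alice@example.com", "2017-03-01T08:11:00"),
    ("alice@example.com", "2017-03-01T08:30:00"),
    ("alice@example.com", "2017-03-01T09:02:00"),
    ("bob@example.com",   "2017-03-01T07:50:00"),
]


def count_in_window(txns, email, end, window):
    """Number of transactions for `email` with timestamp in (end - window, end]."""
    start = end - window
    return sum(1 for e, ts in txns
               if e == email and start < datetime.fromisoformat(ts) <= end)


def velocity_uptick(txns, email, now, window=timedelta(hours=24),
                    lookback=timedelta(days=30), factor=3.0, min_count=3):
    """True when the most recent `window` holds markedly more transactions than the
    average per-window count over the preceding `lookback` period. `min_count`
    stops a single purchase after a quiet month from being treated as an uptick."""
    recent = count_in_window(txns, email, now, window)
    prior = count_in_window(txns, email, now - window, lookback)
    expected = prior * (window / lookback)   # average transactions per window
    return recent >= min_count and recent > factor * expected


def assess(email, txns, now, breached=BREACHED_EMAILS, reports=MEMBER_REPORTS):
    """Combine the independent signals into a 0-100 score plus the indicators that fired.
    Weights are illustrative; a real engine would tune them against labelled fraud."""
    indicators = {
        "in_breach_corpus": email in breached,
        "velocity_uptick": velocity_uptick(txns, email, now),
        "member_reported": reports.get(email, 0) > 0,
    }
    weights = {"in_breach_corpus": 30, "velocity_uptick": 40, "member_reported": 50}
    score = min(100, sum(weights[k] for k, fired in indicators.items() if fired))
    return score, indicators


if __name__ == "__main__":
    now = datetime.fromisoformat("2017-03-01T09:02:00")
    for email in ("alice@example.com", "bob@example.com"):
        print(email, assess(email, TRANSACTIONS, now))
```

Each signal is computed independently, so the layers complement rather than duplicate one another: a breach hit alone scores 30, while the same address showing a burst of transactions and a member report pushes the score to the cap.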
When building your risk engine, keep account takeovers in mind. Make sure to use complementary solutions, not overlapping ones. By following the Swiss Cheese Model, in which each control has gaps but the gaps of the stacked layers do not line up, you can build a risk engine that stops the bad guys even if they have legitimate customer data.
To fight the growing threat of compromised email accounts, you need the best tools to identify and stop them. Click here to discover how you can accurately identify risk with just an email address.