top of page

Account Hijacking – Keep Yours From Cyberthieves

Published: January 16, 2024 on our newsletter Security Fraud News & Alerts Newsletter.

Most of us would agree there are too many ways our sensitive PII ends up in the hands of cybercriminals. One of these ways is account hijacking and few users, if any, are spared from this cyberthreat. This type of identity theft can happen without us knowing until it’s too late, but we can help prevent it. A closer look at this all-too-common cybercrime can help to make us cyber-smarter and our accounts and PII safer.

Account hijacking is exactly that – an online account gets hijacked, or stolen, by an attacker. Also called an ATO (account takeover), a hacker effectively owns your account and can abuse all the PII it holds. That PII can include highly sensitive stuff like login data, payment card numbers, banking info, SSN, and a lot more depending on the type of hijacked account. Whether a personal or work-related account, it could be just the beginning of future cybercrimes and malware infections targeting an individual or a business.

Email phishing, social engineering, password cracking, and brute force attacks are how most hijacked accounts start. These hacking tools open a world of hurt for those on the receiving end who find their password changed and their confidential PII in the hands of a criminal.

Help to Prevent Account Hijacking

Passwords, the keys to our account kingdoms, are at the heart of account hijacking. Make yours a minimum of eight characters and a mix of letters, numbers, and special characters. Use multifactor authentication (MFA or 2FA) when available as it adds an extra layer of protection during login keeping an attacker out of the equation and out of your account.

Phishing hides an attacker’s identity, so check email details like who the sender really is and verify before responding with any PII. Remember, legitimate sources won’t ask for your PII in an email. Never open or download attachments or follow links from an untrusted sender since they can be harmful.

Keep all software updated as soon as available including security and bug patches. Also, monitor accounts for strange transactions and other suspicious activity – the sooner you spot an attack, the sooner you can mitigate any damages.

The first thing a hacker does with a hijacked account is change the password to lock you out, so be aware of what this might mean and be prepared to act fast. Options like freezing credit and bank accounts can help reduce or prevent damage to your financial PII – immediately contact any institution involved. Remember, at the heart of account security is a bolstered password and a user who’s aware of the cyberthreat signs around them.

Want to schedule a conversation? Please email us at

bottom of page