top of page
  • Admin

Account Takeover Attacks Target 24 Million US Families. Is Yours Safe?

Published: January 24, 2023 on our newsletter Security Fraud News & Alerts Newsletter.

With cybercrime as pervasive as it is today, family members in the U.S. may find their social media, finance, and other accounts have been overtaken by cybercriminals. Research shows ATOs (account takeovers) are happening at an alarming rate, with data from SEON showing nearly 24 million families falling prey to these attacks last year alone.

At the heart of an ATO is identity fraud, a crime that keeps on giving – to attackers, that is. In their study of ATOs in the U.S. last year, SEON finds that 22% of adults fell victim to these attacks. Once a bad actor has gleaned enough PII about a target, often from different sources (think social media, data breaches, and dark web) to steal their account information, the target becomes a victim.

With an ATO, the attacker changes the victim’s login data and other security settings to their control, including where 2FA (two-factor authentication) codes are sent. The victim is cut off from accessing their account because their login data and other PII has been changed. SEON finds ATOs responsible for $288 billion in damages, with the average victim losing $12,000 to these attacks. With identity theft and financial fraud as the goals, SEON finds 51% of social media accounts and 32% of bank accounts were overtaken.

Top U.S. States for Largest ATO Price Tags

The FBI’s Internet Crime Complaint Center finds where one lives can affect how much money an average victim loses from an ATO, with some U.S. states averaging better, or worse, than others. Most affected is North Dakota with an average loss of $31,711 per victim. New York is next with victims losing an average of $19,266 each, and South Dakota with $19,065 lost per victim.

Since the idea of moving your family to a “safer” state is hardly practical, using cyber-smart security practices makes a difference no matter where you live. SEON finds 60% of ATO victims used the same password for multiple accounts, a vulnerable and tragically common security error. Being careless with different PII makes you even more vulnerable to ATOs and puts those additional accounts at risk for takeover fraud, too.

Always use unique login credentials for every online account you have. If you must write that down, do so; but keep it out of sight at all times and in a locked cabinet when it isn’t needed or when you walk away. Keep an eye out for phishing attacks. They happen every day and there are likely several of them lurking in your email inbox at any given time. If you aren’t expecting a link or attachment or don’t know the sender, double check its legitimacy before clicking anything. Never reply back to a suspect message or use the phone numbers or email addresses included in them. Find that information on your own. If the email is phishing, that contact information is going to send you right back to the phisher.

Protecting your family from ATOs begins when each member is responsible for keeping their PII as private as possible.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at


bottom of page