Last summer, I noticed password reset notices in my email account that I didn’t send. I quickly realized that I was the victim of an account takeover. This happens when someone illegally gains access to your account, typically through compromised credentials. I changed my email password right away and learned that my passwords to other accounts had already been changed. To make cleanup even more fun, I found out that the attackers had created new accounts using my credentials.

Account takeover at UK NHS

According to email security firm INKY, 139 employees at the National Health System (NHS) in the U.K. also found themselves victims of an account takeover in the past year. Their situation was similar to mine. The attacks started when attackers gained access to legitimate NHS email accounts. They then used the accounts to conduct phishing campaigns to steal Microsoft logins. The takeovers likely happened in October 2021. From there, the phishing schemes continued at least through April 2022. Attackers sent 1157 phishing emails sent from the NHS accounts.

To make the emails appear more honest, the attackers included the NHS email footer disclaimer at the bottom. They also used Microsoft and Adobe logos on emails where they pretended to be from each company. INKY reported that the attackers sent phishing emails through two NHS IP addresses, relays for processing high volumes of emails. In addition, all of the phishing emails sent from the compromised accounts passed the NHS authentication for outbound emails.

Account takeover fraud on the rise

Many cyber criminals use brute force attacks for account takeovers. Using an automated system, the attackers cast a wide net of commonly used passwords. From there they could gain access to accounts, mostly email accounts.

Preventing account takeovers

Account takeovers can cause consumers and businesses loss of time and money. You should take the following steps before account takeovers happen:

  • Use multifactor authentication to access the network and accounts. With two types of authentication required, it’s more challenging to gain unauthorized access. The risks get even lower when one of the methods uses biometrics.
  • Creating a culture of cybersecurity. When everyone in the company feels responsible for cybersecurity, employees are more likely to report suspicious emails and follow good online hygiene. However, leaders need to set a tone for the cybersecurity culture and make it a priority.
  • Stress the importance of using different passwords. When you use the same password for all accounts, the attacker can then break into all of your other accounts on the first try. By using different passwords, you buy yourself some time to notice the account takeover and take action before the threat actor accesses multiple accounts.
  • Use single-sign-on. Creating different passwords for every account adds pressure on employees. By using single sign-on, organizations keep accounts more secure without worrying about employees following the correct process.

Account takeovers can be devastating to the company and very time-consuming to recover. By proactively taking steps to reduce the risk of account takeover, organizations can reduce their vulnerability to these types of attacks.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…