What is Email Account Takeover Fraud?

by Theresa Nguyen 5 min read June 25, 2024

With more consumers online, bad actors are taking the opportunity to commit more financial crimes, such as account takeover fraud. This online scheme resulted in nearly $13 billion in losses in 2023, up from $11 billion in 2022.1 So, what do organizations need to know about this form of identity theft? And how can they prevent it?

Let’s explore one type of account takeover fraud: email account takeover.

What is email account takeover?

Email account takeover occurs when a fraudster gains access to a legitimate user’s email account through data breaches that expose credentials, purchasing from the dark web, or phishing scams. It’s usually one of the first steps in a broader account takeover scheme.

Once fraudsters have access to a consumer’s email or social media account, they have access to the private information in that consumer’s inbox: financial statements, health records, and other forms of PII. Fraudsters can also now use the consumer’s email to impersonate them with friends, family, financial institutions or other businesses they interact with.  

They can also gain access to other accounts and here’s where email account takeover becomes more dangerous. In this attack, the fraudster gains access to an email or mobile account. Once they have an email, they start by trying to guess the user’s password, commonly called a brute force attack, or through password spraying, where they use commonly used passwords, i.e. ‘password’ or ‘123123 A recent Google survey found that 65% of people use the same password for some or all of their online accounts. This, along with a corresponding email address can give fraudsters further entre into a consumers other accounts. If unsuccessful, they’ll then execute a ‘forgot password’, password reset, or onetime password. Then, they take over the victim’s account with their financial institution to facilitate the transfer of funds from the compromised account.

  • 57% of businesses are experiencing rising fraud losses associated with account opening and account takeover.2

While email account takeover can be quickly executed, detecting it can take time. Unlike credit card fraud, where an individual may soon notice suspicious activity, an email account takeover can go undetected for longer. The owner may not realize until later that their account has been compromised, especially with a dormant account or secondary account they use less. As a result, criminals have more time to facilitate additional attacks.

LEARN MORE: Explore 2024 fraud trends listed by Experian.

How does it affect your organization?

Account takeover fraud doesn’t just impact consumers, it can result in significant financial losses for organizations. For example, if your organization offers credit products, you might have to cover the costs of disputing chargebacks, card processing fees, or providing refunds. In the case of a data breach, you may have to pay fines against your organization for not properly protecting consumer information.

  • Nearly two-thirds of consumers say they’re very or somewhat concerned with online security.3

But email account takeover isn’t just costly — it can damage your organization’s reputation. Consumers expect organizations to have proper security measures in place to protect their information. If a data breach occurs, your security can seem weak, leading consumers to lose trust in your organization. As a result, they may potentially take their business elsewhere.

The importance of prevention

While consumers listed identity theft as their top concern when conducting activities online, they’re still interacting, opening new accounts, and transacting digitally.4 Coupled with the rise of account takeover fraud and associated losses, it’s more crucial than ever for organizations to accurately detect and prevent these attacks. To do this, they must have a proactive fraud prevention strategy in place.

Account takeover fraud prevention requires your business to maintain and continuously reaffirm confidence in the identity data you collect. Your team can monitor, segment, and proactively act on customer identities that display a higher risk of fraud than was determined at account origination through risk-based fraud detection models, machine learning, and advanced analytics.

Experian offers many flexible solutions, including:

  • CrossCore® Solutions are best practice-based groupings of fraud and identity products that enable organizations to solve common to complex issues. For example, our fraud risk solutions include email and phone intelligence to improve verification for thin-files and other challenging populations. Experian offers phone/carrierbased matching capabilities with address validity and occupancy data for >95% of U.S. households.
  • FraudNet is a device intelligence solution that analyzes hundreds of device attributes and prevents fraud on all digital channels. Combining contextual data, behavioral data, and device data, it bridges the gap between physical and digital identity to achieve fraud capture rates that exceed industry averages.

To further alleviate account takeover fraud, your organization can offer educational resources for fraud prevention. Using various, strong passwords across their accounts, and changing them regularly, is a foundational way consumers can help ensure their accounts are secure. Leveraging user names that are different from your email can also help. If a fraudster is able to takeover an account and initiate a lost password request, and that password is used for other accounts, that fraudster now has the credentials they need to further defraud that consumer. By spreading awareness about identity fraud risks and providing best practices for prevention, you can better protect your organization and consumers.

LEARN MORE: Building a multilayered fraud and identity strategy with CrossCore Solutions

Partnering with Experian

Email account takeover, along with other types of fraud, can be detected and prevented with the right partner. Experian’s fraud management solutions can help your organization accurately verify customers and assess risk with our account takeover and fraud management solutions.

Explore Experian’s account takeover solutions and watch an on-demand recording of our Fraud Risk and Identity Verification Solutions tech showcase.

Learn more Watch tech showcase

1 Identity Fraud Cost Americans $43 Billion in 2023, AARP.

2-4 2023 U.S. Identity and Fraud Report, Experian.

Related Posts

Related Post test

Data & Analytics

Updated November 17th Related Posts Link to automotive form, business form

Published: April 24, 2025 by Rathnathilaga.MelapavoorSankaran@experian.com
Read More about Related Post test

Test

Apply Automotive Tag

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Phasellus at nisl nunc. Sed et nunc a erat vestibulum faucibus. Sed fermentum placerat mi aliquet vulputate. In hac habitasse platea dictumst. Maecenas ante dolor, venenatis vitae neque pulvinar, gravida gravida quam. Phasellus tempor rhoncus ante, ac viverra justo scelerisque at. Sed sollicitudin elit vitae est lobortis luctus. Mauris vel ex at metus cursus vestibulum lobortis cursus quam. Donec egestas cursus ex quis molestie. Mauris vel porttitor sapien. Curabitur tempor velit nulla, in tempor enim lacinia vitae. Sed cursus nunc nec auctor aliquam. Morbi fermentum, nisl nec pulvinar dapibus, lectus justo commodo lectus, eu interdum dolor metus et risus. Vivamus bibendum dolor tellus, ut efficitur nibh porttitor nec. Pellentesque habitant morbi tristique senectus et netus et malesuada fames ac turpis egestas. Maecenas facilisis pellentesque urna, et porta risus ornare id. Morbi augue sem, finibus quis turpis vitae, lobortis malesuada erat. Nullam vehicula rutrum urna et rutrum. Mauris convallis ac quam eget ornare. Nunc pellentesque risus dapibus nibh auctor tempor. Nulla neque tortor, feugiat in aliquet eget, tempus eget justo. Praesent vehicula aliquet tellus, ac bibendum tortor ullamcorper sit amet. Pellentesque tempus lacus eget aliquet euismod. Nam quis sapien metus. Nam eu interdum orci. Sed consequat, lectus quis interdum placerat, purus leo venenatis mi, ut ullamcorper dui lorem sit amet nunc. Donec semper suscipit quam eu blandit. Sed quis maximus metus. Nullam efficitur efficitur viverra. Curabitur egestas eu arcu in cursus. H1 asdf asdf H2 H3 H4 Lorem ipsum dolor sit amet, consectetur adipiscing elit. Vestibulum dapibus ullamcorper ex, sed congue massa. Duis at fringilla nisi. Aenean eu nibh vitae quam auctor ultrices. Donec consequat mattis viverra. Morbi sed egestas ante. Vivamus ornare nulla sapien. Integer mollis semper egestas. Cras vehicula erat eu ligula commodo vestibulum. Fusce at pulvinar urna, ut iaculis eros. Pellentesque volutpat leo non dui aliquet, sagittis auctor tellus accumsan. Curabitur nibh mauris, placerat sed pulvinar in, ullamcorper non nunc. Praesent id imperdiet lorem. H5 Curabitur id purus est. Fusce porttitor tortor ut ante volutpat egestas. Quisque imperdiet lobortis justo, ac vulputate eros imperdiet ut. Phasellus erat urna, pulvinar id turpis sit amet, aliquet dictum metus. Fusce et dapibus ipsum, at lacinia purus. Vestibulum euismod lectus quis ex porta, eget elementum elit fermentum. Sed semper convallis urna, at ultrices nibh euismod eu. Cras ultrices sem quis arcu fermentum viverra. Nullam hendrerit venenatis orci, id dictum leo elementum et. Sed mattis facilisis lectus ac laoreet. Nam a turpis mattis, egestas augue eu, faucibus ex. Integer pulvinar ut risus id auctor. Sed in mauris convallis, interdum mi non, sodales lorem. Praesent dignissim libero ligula, eu mattis nibh convallis a. Nunc pulvinar venenatis leo, ac rhoncus eros euismod sed. Quisque vulputate faucibus elit, vitae varius arcu congue et. Ut maximus felis quis diam accumsan suscipit. Etiam tellus erat, ultrices vitae molestie ut, bibendum id ipsum. Aenean eu dolor posuere, tincidunt libero vel, mattis mauris. Aliquam erat volutpat. Sed sit amet placerat nulla. Mauris diam leo, iaculis eget turpis a, condimentum laoreet ligula. Nunc in odio imperdiet, tincidunt velit in, lacinia urna. Aenean ultricies urna tempor, condimentum sem eget, aliquet sapien. Ut convallis cursus dictum. In hac habitasse platea dictumst. Ut eleifend eget erat vitae tempor. Nam tempus pulvinar dui, ac auctor augue pharetra nec. Sed magna augue, interdum a gravida ac, lacinia quis erat. Pellentesque fermentum in enim at tempor. Proin suscipit, odio ut lobortis semper, est dolor maximus elit, ac fringilla lorem ex eu mauris. Phasellus vitae elit et dui fermentum ornare. Vestibulum non odio nec nulla accumsan feugiat nec eu nibh. Cras tincidunt sem sed lacinia mollis. Vivamus augue justo, placerat vel euismod vitae, feugiat at sapien. Maecenas sed blandit dolor. Maecenas vel mauris arcu. Morbi id ligula congue, feugiat nisl nec, vulputate purus. Nunc nec aliquet tortor. Maecenas interdum lectus a hendrerit tristique. Ut sit amet feugiat velit. Test Yes asedtsdfd asdf asdf adsf Related Posts

Published: March 1, 2025 by Jon Mostajo, Sirisha Koduri
Read More about Test

What is Token-Based Authentication?

Apply CIS Tag

Discover how token-based authentication works, its types, and why businesses trust it to secure sensitive data.

Published: February 11, 2025 by Theresa Nguyen
Read More about What is Token-Based Authentication?