A former Mastercard executive was almost defrauded out of $100,000. Here’s how he noticed it.

• A former Mastercard executive nearly lost $100,000 to an account takeover scam.

• The scammers accessed her real estate agent’s email and impersonated a title company.

• Account takeover fraud increased 354% in 2023, causing $13 billion in losses, researchers say.

It seems like it can happen to anyone. Even those who work in the financial industry.

A former Mastercard executive told Business Insider that he nearly lost $100,000 to an account takeover scam last year.

Catherine Woneis, former vice president of CipherTrace, a MasterCard-owned service that helps secure crypto transactions, says she nearly lost most of her life savings after scammers accessed her real estate agent’s email.

Account takeover fraud occurs when scammers gain access to your social media, email, banking or other personal accounts. Criminals typically gain access to accounts with stolen credentials they purchase through the dark web or through social engineering tactics that trick you into sharing your password, Woneis said. They then use these accounts to siphon off your hard earned money.

The number of known account takeover scams increased 354% year-over-year in 2023, resulting in $13 billion in losses, according to AI fraud detection service Sift Science.

In Woneis’ case, scammers accessed her real estate agent’s email using “credential stuffing,” a tactic that uses AI bots to try every possible username and password until they settle on the right answer.

The scammers used information found in emails about Woneis’ transactions to impersonate the title company for her home. The fake title company then emailed Woneis asking for an “expedited” payment.

“This is a very typical thing that criminals use in fraud: They try to implement a time piece,” Woneis said.

Woneis said he checked to see if the email address was real and noticed it was added with another address, but assumed it was part of the company’s automated email system.

“They sent me transfer instructions that perfectly mimicked the instructions from the title company. They had an example of what it looked like,” Woneis said. “It was the exact same typography, the exact same letterhead and everything else.”

The only differences from the actual instructions were a fake phone number and email, along with incorrect bank information. Woneis said she fortunately called the phone number she originally received from the title company, which informed her that the bank account information was incorrect on the form.

“If I would have rushed and called the phone number on the form, it would have been them, and they would have been pretending to be the real estate company saying, ‘Yes, this is genuine and it came from at us”, she. said. “We could have been caught in wire fraud.”

The story continues

Woneis said he would have lost about $100,000 if the deal had gone through.

Woneis now works for a cybersecurity company called Fingerprint, which she says is developing tools to combat the rise of account takeovers. Some of the keys to combating this type of fraud are algorithms that can determine where a website visitor is located (if they’re using a VPN) and systems to identify when bots are trying to brute force a website, Woneis said. .

If you think any of your accounts may have been compromised, Woneis says to quickly change all your usernames and passwords, set up two-factor authentication for any sensitive accounts, and report any fraud to the FTC’s fraud reporting website .

Read the original article on Business Insider