An ATO is when a fraudster uses someone else’s account to commit fraudulent activity. The account is often in good standing and not accessed regularly.

An account takeover is only possible if users unwittingly compromise their log-in or password details or have weak passwords that can be guessed by fraudsters. This is done most commonly through spoof emails.