What is It?
Account Takeover (ATO) is a type of fraud that involves taking control of an individual’s online account.  It is a form of online identity theft that provides cybercriminals with the information they need to gain unauthorized access to someone else's account(s).  They change passwords or addresses to prevent victims from accessing their own information. 

How Does it Happen?

Although attackers are becoming more sophisticated in their techniques, the most common way criminals gain access to an account is through email, text messaging, and phone calls.  Posing as a banker or online retailer, they ask the victim to provide confidential information such as usernames, passwords, and credit card numbers. Once they have this information, they can easily access the victim's account.  They may also install malware on a victim's computer or mobile device, allowing them to access their accounts without permission.  This stolen information can be used to make unauthorized purchases, transfer funds, and access sensitive information that can lead to other fraudulent activities.    

Middlesex Federal will never contact you and ask you to provide us with personal or account information?

• If you receive a call from us regarding suspicious account activity, we will only ask you to confirm or deny the transaction(s). You will not need to change or provide security credentials or account information.
• If you contact us, we may ask you to provide information to verify your identity.

What should you do if you suspect you have been the victim of Account Takeover Fraud?

1. Immediately contact us at 617-666-4700 to request assistance with the following:
   1. Disable online access to your Middlesex Federal accounts.
   2. Change your online banking password.
   3. Review recent transactions and electronic authorizations on the account,
   4. Ensure no one has requested an address change, title change, PIN change, or ordered new cards, checks, or other account documents to be sent to an address that is not on file.
2.  File a police report and provide the facts and circumstances surrounding the financial impact.

Tips on how best to respond to an email, phone call, or text message that asks you for this information.

Email: Middlesex Federal will never ask you to click an email link to verify personal information or to make a payment.

TIP:   Before you click a link, hover over it to reveal where it really leads.  Call your bank directly or visit their website by typing the URL into your browser when in doubt.

Phone Call: Middlesex Federal will never call you and ask you to provide personal or account information over the phone.  We may need to verify personal information if you contact us, but never the other way around. 

TIP:  Scammers can make any number or name appear on your caller ID.  Always be wary of incoming calls, even if it says your bank's name.
TIP:  Hang up and call the number on your bank statement or debit card.  If we did call you, we wouldn't take it personally.

Text Message:  Middlesex Federal will never send you a text message asking for your PIN, password, or one-time login code.  If you receive a text message asking for personal information, it’s a scam.  Never click on a link sent via text message that asks you to sign into your bank account. Scammers use this technique to steal your username and password.

TIP:  When in doubt, visit your bank’s website by typing the URL directly into your browser or log in to your mobile app. 
TIP:  Don’t reply to or save a fraudulent text message on your phone. If you are reporting the message to law enforcement or the FTC, take a screenshot to share, then delete it.

How Can I Prevent It?
There’s no single action that can prevent an account takeover.  However, using a combination of recommendations listed below can reduce the likelihood of an account takeover happening to you.  

Strengthen Passwords:  It’s important that each of your online accounts has a strong, unique, and complicated password.  Click here for a list of simple tips on how to create a strong password.

Set Up Multi-factor Authentication:  Multi-factor authentication can add an extra layer of security that protects you from hackers.  More and more sites and apps offer two-factor authentication, but it’s not usually on by default. To turn it on, go to your account settings, look for two-factor authentication, two-step verification, or multi-factor authentication, and follow the steps.

Keep Security Software, Internet Browser, and Operating System Up to Date:  Regularly updating your software helps ensure you have critical patches and protections against security threats. Keep your information safe by turning on automatic updates so you don’t have to think about it, and set your security software to run regular scans.  

Avoid Financial Activity on Public WiFi:  Avoid signing in to financial accounts when using public WiFi. One of the most common ways identity theft occurs is when using a computer, tablet, or smartphone over public WiFi.  

Check Statements:  Review account statements to identify any unusual or unrecognized transactions.  Often, scammers test stolen information by processing small transactions first. 

Monitor Credit:  Monitoring your credit history can help you catch early signs of identity theft.  Take control, and learn how to order free credit reports.