Account Takeover
Attackers obtain credentials or intercept authentication to seize control of accounts and drain assets.
Entry methods
- Phishing and credential stuffing from prior leaks.
- SIM‑swap to intercept SMS codes; MFA fatigue prompts.
- Malicious browser extensions or remote‑access tools.
Lockdown plan
- From a clean device, change passwords; enable app‑based 2FA.
- Revoke active sessions, connected apps, and API keys.
- Rotate recovery codes; update backup email/phone.
- Check for email rules/forwarders; audit security logs.
Hardening tips
- Use a password manager and unique passphrases.
- Prefer hardware keys or TOTP over SMS.
- Keep devices updated; remove unused extensions.