Why are ATO attacks dangerous for your company?


What is an email account takeover?

Account takeover (ATO), or corporate account takeover (CATO), is a form of identity theft or fraud in which a malicious actor succeeds in taking control of a user's account. Once the attack is complete, the hacker has access to the hacked user's account. He will therefore be able to send emails in the owner's name, steal financial information, and spy on emails looking for sensitive information.

One of the main objectives of attackers who execute this kind of attack is the search for confidential information. For this reason the most vulnerable departments within organizations are IT (computer technicians), finance, human resources, senior management and the security department.

Why this kind of attack on an email account?

When a hacker hacks your email account, he will stay silent for several weeks, perhaps even months. You may never even know it. His goal is to spy on your communications without being spotted, analyzing and collecting everything you exchange in order to gather confidential information.

He will therefore carefully analyze the content of your mailbox, looking for documents, access to all kinds of systems, and confidential content you have exchanged in the past.


What type of information are hackers looking for in a company?

Depending on the position you hold in an organization, hackers will not seek out the same information. Here are some examples of what hackers might attempt to obtain, depending on the department of the targeted person.

IT department

The IT department has access to multiple systems and servers within an organization. It is frequently the department with the most access and the highest entitlements. Hackers will therefore be looking for IP addresses to access servers, usernames and passwords, your network architecture, or any information that could allow them to target an attack and enter the organization.

Finance Department

Financial statements, tax returns, bank account numbers, credit cards, confidential service offers, price lists, financial projections, stock purchases, insider information or any other relevant information that could be of value to your competitors or on the black market (dark web).

Human resources

Any information allowing them to steal an employee's identity. Even in large organizations, they may try to contact the finance department to misappropriate funds from the employee whose information they have their hands on. By combining the information collected within your organization with information from social networks, employee identity theft becomes even easier. They are looking for salary information, social insurance numbers, and resumes, which contain a gold mine of information such as name, address, phone number, hobbies, preferences, etc.

If they don't use the collected information against you or one of your employees, they will try to sell it on the black market (dark web).

Security department

The security department, or cyber security department, controls access to the different systems. Hackers will be looking for the same type of information as in the IT department. However, the security department is also the one that protects the organization against external threats and puts defensive measures in place if an IT attack occurs.

If hackers have penetrated this department, they will listen to communications in order to counter the defensive measures that the organization puts in place during an attack they are carrying out.

It is therefore critical in these specific cases to protect your email exchanges so that hackers are blind to your strategies.

Executive officers

The head of the organization is where important decisions are made and where the most confidential and strategic information about the organization is exchanged. Hackers will be looking for any information that could be used for blackmail or competition, or that could be sold on the black market.

What do existing protection systems do?

The vast majority of cyber security systems that try to protect mailboxes from this kind of attack work by preventing the attacker from gaining access to your mailbox.

There is a full range of interesting tools to limit the number of attacks. They try to prevent certain types of attacks used to gain access to mailboxes, such as phishing, ransomware, brute force, social engineering, and zombie networks, but unfortunately they cannot block them all.


How is the Secure Exchanges approach complementary?

In addition to being invisible during exchanges, the content of the email exchanged with Secure Exchanges is encrypted from the sender to the recipient. Email also has a limited lifespan. That is to say, it will eventually be destroyed after a maximum of 30 days in the mailbox of the recipient and even in your sent items. The sender can even configure additional protections to access this confidential email, such as a password or SMS code.

We have developed a technology that is integrated directly into Microsoft Outlook or Gmail, and can also be used via our online platform. This technology makes it possible to protect sensitive information during your email exchanges. It also allows you to exchange large confidential documents, up to 2.5 G, to electronically sign confidential documents, etc. When you send your email, you have the choice to protect it with Secure Exchanges or to send it normally.

Your email arrives at its destination as it should: it is invisible to hackers, encrypted, and the recipient can take possession of it. Once the recipient has read it and saved its attachments, the email and its attachments are destroyed.

Furthermore, this means that even if hackers manage to get their hands on your account by completing an ATO attack, they will not be able to access or read the emails you have exchanged with Secure Exchanges. Your communications remain invisible to hackers.

Secure Exchanges installs over your Microsoft Outlook client, so you keep your email and don't have to migrate your mailbox elsewhere. Installing and sending is all you have to do to protect yourself.
