These days, a lot (if not all) of our important information lives online, and scammers are getting increasingly skilled at sneaking around our defenses, accessing our accounts and stealing our money or data. The rise of account takeover (ATO) fraud has made cybersecurity more important than ever. Because if your accounts aren’t safe, then neither is your money.

What is account takeover fraud?

In ATO fraud, cybercriminals gain unauthorized access to an account — think online bank accounts, payroll, health savings or social media accounts — and take funds, redirect paychecks and more. Since January 2025, the FBI Internet Crime Complaint Center (IC3) received more than 5,100 complaints reporting ATO fraud, with losses exceeding $262 million.*

So, how are scammers getting in?

• Exploiting weak passwords: When you have simple passwords made from easily obtained info (like birthdays, family members’ names, etc.) or common phrases and numbers, scammers have an easier time hacking into your accounts. It helps to keep your passwords long, complex and with a mix of numbers and characters.
• Phishing: Scammers send deceptive emails or texts to trick you into providing your login credentials. That’s why you should always verify links before clicking them — it’s easy for fraudsters to pose as trusted organizations, like online banks or payroll websites.
• Social engineering: By impersonating someone official like customer support, technical support or a bank employee, scammers will try to manipulate you into handing over your credentials. As a general rule, most institutions — including Grow Financial — will never call and ask for your security codes.
• Malware: Scammers can get you to install malware on your device by convincing you to click on malicious links or download infected attachments. Stay alert for any fishy-looking communications.

For more information on ATO fraud and how to report it, check out this IC3 resource.

Use multifactor authentication for extra protection

Avoiding account takeover fraud starts with the basics of good cybersecurity: regularly monitoring your accounts, staying vigilant for phishing activity and implementing strong, complex passwords. On top of that, one important — and easy! — way to stay safer is with multifactor authentication (MFA).

MFA, also called two-factor authentication (2FA),, is a security method that adds another layer of protection to the sign-in process. It requires users to verify their identity in additional ways beyond just entering a password. The added step (or steps) can be a variety of things, like using facial recognition on your phone, approving sign-ins with push notifications or entering one-time passcodes.

This means that to enter your account unlawfully, someone would need both your account password and physical access to your phone, which is unlikely.

Multifactor authentication options

There are several ways you can receive MFA codes. Some of the most popular options include:

Voice call: Receive a quick phone call with a one-time passcode.
Text message: Receive an SMS with a one-time passcode.
Push notifications: Receive notifications that you can simply tap to approve login attempts.
Biometrics: Use facial recognition or fingerprints to approve login attempts.
Authentication app: Use a third-party app like Google Authenticator, Authy or Duo, to receive a one-time passcode.

Note: We strongly recommend NOT using email for your MFA codes, as a scammer wouldn’t necessarily need to have your phone in hand to receive the code via email.

At Grow, we automatically require a second method of identification when you log in to your account from a new device, browser or geographic area. The types of MFA codes we support are voice call, text message and third-party app.

Learn more about MFA and how to set it up here.

Remember, MFA is a great deterrent for ATO fraud. Here at Grow, we’ll never call you and ask you for the one-time code. You’ll only be asked to enter it on the login screen. Never read your security codes over the phone to anyone.

Stay safer with these resources

Looking for more ways to protect yourself from online fraud?

Check out this article on cybersecurity, this page on preventing identity theft and this page of FBI resources.

Think you’ve been a victim of online fraud? File a report with the FBI’s IC3 as soon as possible, and let your financial institutions know so they can be extra vigilant when it comes to your accounts.

---

Posted In:

• Security Education