Account takeover (ATO)
When a fraudster gains unauthorised access to someone's online account and uses it to steal money, data, or identity — or to conduct further fraud.
Also known as: ATO, account hijacking
Last reviewed: 1 June 2026
Account takeover (ATO) occurs when an attacker successfully logs into your account — bank, email, social media, crypto exchange — using stolen credentials, SIM swap, malware, or session hijacking. Once inside, they may drain funds, make purchases, extract personal data, change contact details to lock you out, or use the account to scam your contacts.
ATO is often the end goal of several other attack types: phishing harvests credentials, SIM swap bypasses SMS 2FA, and credential stuffing tries leaked passwords at scale. Email account takeover is particularly damaging because email is used to reset passwords for all other services.
Signs of ATO include unexpected password-reset emails, unknown login notifications, transactions you didn't make, and contacts reporting unusual messages from your account.
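From the service side, the same signs can be checked in authentication logs. The sketch below is an added example, not part of the original entry: it flags IPs whose failed logins spread across many accounts (the credential-stuffing pattern) and accounts where a risky login is followed by a password reset or contact-detail change. The event schema, device IDs, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample auth events (ts in seconds); schema and values are illustrative.
EVENTS = [
    {"ts": 0,   "ip": "203.0.113.7",  "user": "alice", "device": "d-x", "type": "login_fail"},
    {"ts": 5,   "ip": "203.0.113.7",  "user": "bob",   "device": "d-x", "type": "login_fail"},
    {"ts": 9,   "ip": "203.0.113.7",  "user": "carol", "device": "d-x", "type": "login_fail"},
    {"ts": 14,  "ip": "203.0.113.7",  "user": "dave",  "device": "d-x", "type": "login_ok"},
    {"ts": 60,  "ip": "203.0.113.7",  "user": "dave",  "device": "d-x", "type": "contact_change"},
    {"ts": 130, "ip": "198.51.100.4", "user": "erin",  "device": "d-e", "type": "login_ok"},
    {"ts": 900, "ip": "198.51.100.4", "user": "erin",  "device": "d-e", "type": "contact_change"},
]
KNOWN_DEVICES = {"dave": {"d-d"}, "erin": {"d-e"}}  # devices seen before, per user

def stuffing_ips(events, min_users=3, window=600):
    """IPs that fail logins against >= min_users distinct accounts within `window` seconds."""
    fails = defaultdict(list)
    for e in events:
        if e["type"] == "login_fail":
            fails[e["ip"]].append((e["ts"], e["user"]))
    flagged = set()
    for ip, items in fails.items():
        items.sort()
        for i, (start, _) in enumerate(items):
            users = {u for ts, u in items[i:] if ts - start <= window}
            if len(users) >= min_users:
                flagged.add(ip)
                break
    return flagged

def takeover_candidates(events, known_devices, window=900):
    """Accounts where a risky login is followed by a reset or contact change within `window`."""
    bad_ips = stuffing_ips(events)
    risky_login, alerts = {}, []  # risky_login: user -> (ts, reasons)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["type"] == "login_ok":
            reasons = []
            if e["ip"] in bad_ips:
                reasons.append("stuffing_ip")
            if e["device"] not in known_devices.get(e["user"], set()):
                reasons.append("new_device")
            if reasons:
                risky_login[e["user"]] = (e["ts"], reasons)
        elif e["type"] in ("password_reset", "contact_change") and e["user"] in risky_login:
            ts, reasons = risky_login[e["user"]]
            if e["ts"] - ts <= window:
                alerts.append((e["user"], e["type"], tuple(reasons)))
    return alerts
```

On the sample data only `dave` is flagged; `erin` changes contact details after a login from a known device and a clean IP, so no alert is raised.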