Account Takeover (ATO) fraud occurs when a criminal gains unauthorised access to a person’s account posing as the legitimate account holder. Once access is obtained, the fraudster may reset passwords and security details to lock out the customer. They often update key contact information — such as phone numbers, email addresses, or mailing addresses — allowing them to use the account without raising suspicion.

The goal is typically to perform unauthorised transactions, such as transferring funds or making fraudulent purchases.

How does Kroo protect my account from an Account Takeover?

We know how important it is to feel secure when using your account. To help prevent account takeovers, Kroo uses advanced security measures such as biometrics and enhanced monitoring to detect and prevent suspicious activity. We also support Confirmation of Payee (CoP), which adds an extra layer of protection by making sure your payments go to the intended recipient

How does Account Takeover happen?

Account Takeover (ATO) fraud typically occurs when criminals gain access to your account by compromising your security credentials. Once they’ve gained access, fraudsters can take full control of your account to carry out unauthorised activity.

Common methods used by fraudsters:

• Phishing: Fake emails, texts, or websites trick you into sharing personal details.
• Malware: Malicious links or attachments infect your device and steal credentials.
• Social Engineering: Fraudsters pose as trusted contacts to gain sensitive information, and may even install screen capturing software to obtain your details.

Once they’re in, they may:

• Change your contact details to lock you out
• Order replacement cards
• Transfer funds or make fraudulent payments

Other tactics to watch out for:

• Fake messages that look like they’re from your bank
• Spoofed caller IDs
• Pressure to act quickly
• Apps or links from untrusted or unverified sources

Digital wallets & account takeover risk

Digital wallets (or e-wallets) are apps that let you store your payment information so you can make quick, contactless purchases using your phone, tablet, or computer. Instead of digging out cash or cards, you can just tap or click to pay. Some well-known examples of digital wallets include Apple Pay and Google Wallet.

While digital wallets are fast and convenient, they’re also a growing target for fraud. They are increasingly used in account takeover attempts and whilst these don't grant full account access, approving a new payment method (even unintentionally), can still lead to unauthorised transactions and potential fraud.

Always practice extreme caution when adding new payment methods to your account and stay safe by following the safety tips below.

How to protect yourself against account takeovers?

Follow the safety tips below to help protect yourself:

1. Act quickly: If you receive a notification of account changes you didn’t make, contact us immediately.
2. Keep your credentials safe: Never share your banking login, passwords, Authorisation Codes, or One-Time Passcodes (OTPs).
3. Don’t trust caller ID: Numbers can be spoofed. Always verify by calling back using the official number on Kroo’s website.
4. Be cautious with emails/texts: Never click suspicious links or open unknown attachments. Contact the company directly if you’re unsure.
5. Use multi-factor authentication (MFA): Add extra security like verification codes sent to your phone or email.
6. Stay up to date: Keep your operating system and security software updated.
7. Download safely: Only install apps from official app stores.

If you think your bank account has been compromised:

If you believe you have been a victim of this type of fraud, please contact our Customer Support team via the in-app chat or email us directly at help@kroo.com and we'll be happy to help you.

Help from other organisations: we would recommend reporting the incident to Action Fraud, the UK's national fraud reporting centre.