Account Takeover Fraud: Smart Tips to Stay Safe


What we'll cover:

  • Account takeover fraud is a form of identity theft in which cybercriminals use stolen credentials to gain access to and take control of your online accounts.
  • Once the takeover happens, criminals can lock you out of your account, make unauthorized transfers, and steal your personally identifiable information.
  • Use strong passwords, turn on multi-factor authentication, and practice good online habits to help prevent an account takeover.

Account takeover fraud is a type of identity theft where cybercriminals use stolen credentials, like your username and password, to gain access to and take control of your online accounts. Targets may include your email, social media, government, healthcare, and/or financial accounts.

Once the takeover happens, criminals may gain the ability to:

  • Change your login credentials to lock you out of the account.
  • Steal personally identifiable information and sell the data on the dark web.
  • Withdraw/transfer money or make unauthorized purchases.
  • Open new financial accounts using your identity.

Ahead, we’ll take a closer look at how account takeovers can happen and go over a few tips to help you protect your accounts. 

How do account takeovers happen?

Cybercriminals can use various methods to steal your credentials and infiltrate your accounts. Some common ones include:

Password brute-forcing. Hackers may attempt to force their way into your account by simply testing a number of commonly used passwords (e.g., Password1234, qwerty1234, admin1234). Password brute-forcing exploits individuals who use weak or easy-to-guess passwords as well as accounts that do not have multi-factor authentication (MFA) in place.

Good to know: Marcus uses multi-factor authentication to help us authenticate you. It’s an additional layer of security to help protect your account from unauthorized access. 

Data breaches. Companies or organizations that you do business with can also be targeted by cybercriminals. When there’s a data breach, your personally identifiable information (PII) may be exposed, stolen, and sold. PII can include things like credit card information, date of birth, Social Security numbers, usernames, and passwords.

Social engineering. Sophisticated hackers can also manipulate you into sharing your login credentials through social engineering ploys like phishing or impersonation. Phishers often push you into giving up your information voluntarily by creating a false narrative. They may use a variety of tactics, like impersonating someone, to pressure you to act with urgency and without thinking.

For instance, a cybercriminal may impersonate your bank and send a fake email to notify you of an “urgent problem” with your account. They will often direct you to a malicious website, prompting you to enter your sensitive personal data or login credentials so that you can resolve the alleged issue.

Malware or spyware. When cybercriminals direct you to a fake website, they may prompt you to click on a link, button, or pop-up that will install malware on your computer or other online devices, so that they can steal your login credentials by tracking and recording your keystrokes.

Potential signs of account takeover fraud

As more aspects of our day-to-day life go digital, it’s good to take a moment and learn how to recognize the signs of a potential account takeover.

Here are a few red flags you don’t want to ignore:

  • Suspicious account login activities, especially from online accounts you no longer use
  • Multiple failed login attempts that you don’t recognize (Note: You’ll usually receive an email alert from your account provider; it’s a good idea to call your provider directly to authenticate the alert and address the issue.)
  • Changes to your username, password, home/shipping address, phone number, or account security settings that you did not initiate
  • Random charges, payments, transfers, or withdrawals from your financial accounts
  • Receiving OTP (one-time password) codes you did not request
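
For readers who work on the account-provider side, here is how several of the red flags above could be checked against an account's event log. This is an added example, not code from Marcus or from the original article; the event format, the event type names, the device labels, and the thresholds are all assumptions made for illustration, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Events that change how the account is reached or recovered.
CHANGE_EVENTS = {"password_change", "address_change", "phone_change",
                 "security_settings_change"}

def find_red_flags(events, known_devices, fail_threshold=3,
                   window=timedelta(minutes=10)):
    """Return (timestamp, flag) pairs for activity matching the red flags."""
    flags, recent_fails = [], []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts, kind = ev["ts"], ev["type"]
        known = ev["device"] in known_devices
        if kind == "login_failed":
            # Sliding window: drop old failures, add this one, then count.
            recent_fails = [t for t in recent_fails if ts - t <= window] + [ts]
            if len(recent_fails) == fail_threshold:
                flags.append((ts, "multiple_failed_logins"))
        elif kind == "login_success" and not known:
            flags.append((ts, "login_from_unrecognized_device"))
        elif kind == "otp_sent" and not known:
            # A code triggered by a device the owner does not use.
            flags.append((ts, "otp_not_requested_by_owner"))
        elif kind in CHANGE_EVENTS and not known:
            flags.append((ts, "unrecognized_" + kind))
    return flags

# Constructed sample log (not real data): one normal sign-in, then a
# guessing burst from an unknown device followed by a takeover sequence.
T0 = datetime(2024, 5, 1, 3, 0)
def _ev(minutes, kind, device):
    return {"ts": T0 + timedelta(minutes=minutes), "type": kind, "device": device}

KNOWN_DEVICES = {"owner-laptop"}  # hypothetical device label
SAMPLE_EVENTS = [
    _ev(-2880, "login_success", "owner-laptop"),
    _ev(0, "login_failed", "device-x"),
    _ev(1, "login_failed", "device-x"),
    _ev(2, "login_failed", "device-x"),
    _ev(3, "otp_sent", "device-x"),
    _ev(4, "login_success", "device-x"),
    _ev(5, "password_change", "device-x"),
    _ev(6, "phone_change", "device-x"),
]

if __name__ == "__main__":
    for ts, flag in find_red_flags(SAMPLE_EVENTS, KNOWN_DEVICES):
        print(ts.isoformat(), flag)
```

The owner's own sign-in from two days earlier raises nothing; the burst of failures, the OTP, the sign-in, and the two profile changes from the unknown device are each flagged in order.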

Important: At Marcus, we make it a priority to protect your privacy and safeguard your account information. If you notice any unusual or unauthorized activity with your Marcus account, contact us immediately at 1-855-730-7283. Outside the US, call us at 1-212-357-0026.

Do not share your OTP codes with anyone under any circumstances. Marcus will never ask you for your verification code over the phone, by text, or via email.

Best practices to help prevent account takeovers

Account takeover fraud can happen to anyone at any time, but there are steps you could take to help keep your accounts and information safe from cybercriminals. Some of these tips may already be familiar to you.

  • Use strong passwords and update them regularly.
  • Avoid using the same password for all of your online accounts.
  • Turn on multi-factor authentication for your accounts if it’s available and never share your one-time passcodes with anyone. Activating MFA protection for your email account can be especially important, as criminals will often target your email account first and then use it to attempt an account takeover elsewhere.
  • Work with your mobile carrier to turn on “port-out” protection for your cell number; this can help prevent your number from being “ported” or transferred to another device or carrier without your approval.
  • Set up alerts to help you keep an eye on your account activities. For example, it’s a good idea to set up alerts for your email, cell phone, bank, and other important online accounts.
  • Review your account statements each month and look for anything suspicious.
  • Avoid using public Wi-Fi for sensitive transactions.
  • Do not click on links, attachments, or pop-ups from unknown senders, which could contain malware or direct you to a fraudulent website.
  • Never give remote access to your computer to someone you don’t trust (e.g., requests from unknown individuals or unsolicited calls).
  • Keep your software, apps, and devices updated, so you’re protected from the latest cyber threats; schedule regular full system scans of your computer to detect viruses, spyware, and malware.

This is important: Never share any personal information with a person, website, email address, or app that you’re not familiar with and that you have not sought out yourself. If someone calls and claims to be from your bank, a government agency, or a particular retailer, do not give out your information. Instead, hang up and call the business or organization back yourself to ensure the request is legitimate.

Reminder: If you receive an unsolicited call from Marcus and you have concerns about the call, hang up and call us back using a number from our contact page, so you can be sure you’re speaking with Marcus. If a suspicious email claims to be from Marcus, forward it to [email protected].

What to do if you’ve been impacted

If you suspect you’re a victim of account takeover fraud, contact your account provider right away and report the incident.

For instance, if you believe your bank account has been compromised:

  • Contact your bank and speak with a representative who can walk you through the reporting and remediation process. (For Marcus customers, you can reach us at 1-855-730-7283.)
  • Reset the login credentials that have been compromised.

Good to know: If your computer has been compromised by malware, you should immediately disconnect from the internet to prevent further damage. Run a full system scan using an up-to-date antivirus program to detect and remove the malware before logging back into your account.

This article is for informational purposes only and is not a substitute for individualized professional advice. Articles on this website were commissioned and approved by Marcus by Goldman Sachs®, but may not reflect the institutional opinions of The Goldman Sachs Group, Inc., Goldman Sachs Bank USA, Goldman Sachs & Co. LLC or any of their affiliates, subsidiaries or divisions. Information and opinions expressed in this article are as of the date of this material only and subject to change without notice. You are not permitted to publish, transmit, or otherwise reproduce this information, in whole or in part, in any format without the express written consent of Goldman Sachs. This foregoing restriction includes, without limitation, using, extracting, downloading or retrieving this information, in whole or in part, to train or finetune a machine learning or artificial intelligence system.