Remote Account Takeover

Remote Account Takeover relates to unauthorised access and control over a user's account or system from a remote location. One of the most common attack vectors for this is the exploitation of Remote Desktop Protocol (RDP) a Microsoft protocol that allows users to connect to a computer remotely.

How it happens and red flags to look out for

• You’re tricked into allowing ‘Remote Access Control’ software to be downloaded onto your computer through opening an e-mail attachment. Fraudsters use this software to take control of your computer remotely, adjusting your settings to leave the computer vulnerable to fraud.
• Out of the blue you receive a pop-up notification to accept a request for your computer to be accessed remotely, and you have no knowledge where the request comes from.
• You notice suspicious transactions/activity on your account such as unknown applications you didn’t install, it could be a sign of a remote Account takeover — where a fraudster gains unauthorized access to your account and uses it as if they were you.
• You receive a phone call supposedly from IT, and you are informed that your laptop will be infected with a virus or malware if you don’t download the recommended software immediately, giving you no time to think about it or ask anyone for advice.

How to respond and protect yourself or organisation

• Delete unknown or suspicious apps/extensions.
• Once you notice any unknown files and applications notify your IT department.
• Invest in tools that will monitor any abuses in remote accessing of employee devices, regular sweeping of networks, infrastructures to detect any malware
• Avoid clicking suspicious links or downloading from unknown sites.

Reporting options

• To report fraud-related incidents, please email cibfraud@absa.africa
• To report phishing incidents, please email secmon@absa.co.za
• To report a matter after business hours, please contact our Fraud Hotline on 0860 500 703 or 010 211 3117.