What Is Account Takeover Fraud at a Bank?

Updated July 9, 2026 5 min read

Identity theft often brings to mind a stranger opening new accounts under someone else’s name, but a quieter and increasingly common version involves no new account at all — just a criminal slipping into one that already exists.

The short answer

Account takeover fraud happens when someone gains unauthorized access to an existing bank account, typically using stolen login credentials, and then uses that access to move money, change contact details, or lock the real owner out. Unlike identity theft that opens new lines of credit, this targets an account that’s already active, which is part of what makes it fast-moving once access is gained.

How access is typically gained

What happens once access is gained

Once inside an account, the typical goal is to move money out quickly, often through transfers, bill payments to an account the criminal controls, or by adding themselves as an authorized user on connected products. Some takeovers also involve changing the contact email or phone number on file first, which can delay the real account holder from noticing and can interfere with the bank’s ability to reach them about suspicious activity. This is one reason account takeover can escalate faster than other types of fraud — the criminal is often working to lock the real owner out before acting.

Early warning signs

How liability and recovery generally work

Money moved out through an account takeover is typically treated as an unauthorized electronic transfer, which brings Regulation E protections into play, with liability generally shaped by how quickly the activity is reported. Recovery usually involves securing the account first — resetting credentials, confirming contact information is correct, and reviewing recent activity — before or alongside filing a formal fraud report with the bank.

What to weigh

Account takeover fraud tends to succeed because it exploits a gap between when access is gained and when it’s noticed, so the practices that matter most are the ones that shrink that gap: unique passwords, awareness of phishing tactics, and prompt attention to unexpected account notifications. No system eliminates risk entirely, but recognizing the early signs and knowing how to respond quickly are the most reliable ways to limit the damage if it happens.