A Dubai resident off 11 years (who asked to remain anonymous) was shocked to discover nearly Dh20,000 in unauthorised charges on his Buy Now, Pay Later (BNPL) account after a suspected hacking incident. He says the purchases were made without his knowledge and no OTPs or alerts were triggered. He discovered the issue when an in-store transaction was declined. Upon checking with the BNPL provider, he learned multiple large purchases had been made in a single day, even though he had not used the service since March, when his credit limit was just Dh3,000. Bob Gourley, Chief Technology Officer of OODA, cybersecurity consultancy firm based in Virginia, USA, explained to Gulf News that this kind of incident likely stems from a complex account takeover attack. “I’ve seen this type of fraud before. It was probably caused by a complex account takeover attack. The fraudster may have obtained the victim’s login credentials through phishing, malware, or a data breach. Then they got around the BNPL provider’s security measures, possibly by taking advantage of weaknesses or using social engineering,” Gourley said.

Full report : Bob Gourley, CTO, OODA LLC explains how account takeover attacks happen and how to stop them.

For more see the OODA Company Profile on OODA LLC.