Account Takeover (ATO) Fraud

Account Takeover (ATO) Fraud is a form of identity theft and financial cybercrime in which a criminal gains unauthorised access to a victim's financial accounts — including bank accounts, Demat accounts, trading accounts, mutual fund folios, and UPI-linked accounts — using stolen credentials, phishing attacks, SIM swapping, or social engineering, and then uses the access to transfer funds, execute unauthorised trades, or steal securities. In the Indian context, ATO fraud has grown significantly with the digitisation of financial services — fraudsters obtain login credentials through phishing emails, fake investment advisor websites, WhatsApp scams posing as SEBI or RBI officials, and OTP-based SIM swap attacks where the fraudster ports the victim's mobile number to a new SIM. Common ATO fraud patterns in India include: stealing login credentials to Demat accounts and transferring pledged securities to the fraudster's account, executing unauthorised sell orders on the victim's stock holdings, or using the victim's UPI ID to initiate fraudulent payments. SEBI and NSE/BSE have strengthened investor protection through mandatory two-factor authentication, real-time SMS and email alerts for all transactions, daily transaction limit controls, and login device binding. Investors should immediately contact their broker, bank, and SEBI's SCORES portal if they suspect ATO fraud, and should regularly review account statements for any unauthorised activity.