Account Takeover: Everything you need to know to keep your account safe

Digitalization has put almost everything at our fingertips, and banking is one of the many services that have flourished as a result. The rise of digital banks comes as no surprise as people begin to realize their benefits. Unfortunately, some people exploit the vulnerabilities of digitalization to their advantage. One of their most common strategies is account takeover.

What is Account Takeover?

Account Takeover, or account compromise, is a kind of attack fraudsters use to gain access to another person’s online account without their consent. It is a form of identity theft performed online, in which fraudsters take over other people’s important accounts and use them to their own benefit.


In the case of online bank accounts, fraudsters usually change the victim’s password to lock them out once they get access to the account. After that, they can change the account’s email address and/or mobile number so that the victim won’t receive any communication regarding their account activities. Once successful, fraudsters withdraw or transfer the funds from their victim’s account.

How does Account Takeover happen?

Fraudsters normally use any of the following methods:


  • Take advantage of weak passwords – fraudsters try to crack accounts with old, weak, and repetitive passwords.
  • Phishing – fraudsters get access to personal and account information of victims through malicious emails, texts, and/or websites that usually mimic legitimate ones.
  • Credential stuffing – fraudsters take advantage of data breaches with the help of bots to log in on multiple websites using different combinations of leaked usernames, passwords, and other account information.
  • Brute-force attack – fraudsters use automated scripts to try as many password combinations as possible in order to get access to their victims’ accounts.

How do I know if my account has been compromised?

Here are a few warning signs to look out for:


  • Receiving password reset emails that you haven't requested.
  • Receiving notifications for activities or transactions that you did not perform.
  • New or recent changes to the information in your account that you did not make.
  • Unfamiliar transactions in your bank account.
  • A higher number of chargeback requests or fraudulent transaction claims in your account.
  • Unusual activity, such as hundreds of login attempts or OTP messages for your account.

How do I keep my account safe?

Follow these tips to add an extra layer of security to your account:


  1. Use long, complicated, and unique passwords on your accounts. Do not use the same username and password for all of your accounts.
  2. Take advantage of security questions and multifactor authentication.
  3. Install security software such as a VPN and identity theft protection, and routinely update your antivirus.
  4. Do not share your personal information with anyone online, over the phone, or through email.
  5. Regularly monitor your bank balance and transactions. Look out for the transaction notifications/alerts that you receive.
  6. Do not share your account password, MPIN, OTP, debit card PIN, and other sensitive banking information with anyone, even CIMB Bank representatives.
  7. Avoid logging in to your banking accounts when connected to public WiFi.
  8. Periodically change your password.
  9. Make sure that the email associated with your bank account is active and updated so that you get important notifications about your account.

What should you do when your account is compromised? 

  1. Stay calm.
  2. Immediately call your bank to block your account and to report the issue.
  3. If possible, log in to your account and change your password so that fraudsters lose access.
  4. Check if your other accounts are also compromised. Protect these accounts by logging in and changing their passwords if they have not yet been compromised.


Staying careful and vigilant helps in protecting your account from fraudsters. Make sure to educate yourself on the many ways to keep yourself safe online and apply them accordingly. If you notice any malicious activity in your account, please do not hesitate to call our Customer Care Team by dialing #2462 (#CIMB) on your mobile phone. If you're currently not in the Philippines, please call +632 8 924 2462 (924-CIMB) or email us at


Stay safe and bank safely and securely from home with CIMB Bank!

CIMB Bank Philippines Inc. is regulated by the Bangko Sentral ng Pilipinas. You may contact the BSP Financial Consumer Protection Department at (+632)8708-7087 or