A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Account Hijacking

Using someone else's personal information to access current financial accounts or create new ones

Account hijacking is a form of identity theft, one of the fastest-growing types of consumer fraud. Identity theft is when someone uses your personal identifying information (e.g., name, address, social security number, financial institution account number, username or password) to commit fraud.

In account hijacking, the criminal uses phishing (tricking you into giving out your information) or hacking (breaking into your computer) to get your personal information. They then use this information to access current financial accounts or create fraudulent new accounts. A recent study estimated that nearly two million Internet users in the U.S. experienced this form of fraud in 2003.

Protective Measures


  • Check financial institution web sites for alerts: Some financial institutions place alerts on their web sites with examples of spoofed (phishing) emails and subject lines. They also provide toll-free numbers and email addresses for reporting identify theft, links to the Federal Trade Commission and other agencies, and advice for preventing and reacting to account hijacking. Check your financial institutions’ sites for this information.

  • Do not respond to emails from financial institutions with personal information: Phishing attacks send email to a large number of people, hoping that some of them will have accounts at the spoofed financial institution and respond with their personal information. Reputable financial institutions will not ask for your personal information by email.


Identity theft first became a federal crime in 1998, but no current law or regulation focuses exclusively on account hijacking. The ID Theft Act makes identity theft a federal crime punishable by up to 15 years' imprisonment and a maximum fine of $250,000. It enables the Secret Service, FBI and other law enforcement agencies to combat the crime, and it allows victims to seek restitution in the event of a conviction. It also designates the Federal Trade Commission as the clearinghouse for complaints.


The Identify Theft Assistance Center  (ITAC) was formed in 2003 to help identity theft (including account hijacking) victims recover their financial identities and restore their credit ratings. ITAC works with the FTC and law enforcement agencies, and the information it collects is used to help prevent such crimes in the future. See their Victim Assistance  page for details.



My home page