What is account takeover (ATO)?
Account Takeover (ATO) is a type of fraud where a malicious third party gains unauthorized access to and control of a legitimate user's online account. Once they have access, fraudsters can perform various unauthorized actions, leading to financial loss, data breaches, and other serious consequences.
How does ATO typically happen?
One of the most common methods fraudsters use to initiate an ATO is phishing.
What is phishing?
Phishing involves tricking individuals into divulging sensitive information such as login credentials (username, password), one-time passcodes (OTPs) from 2-factor authentication (2FA), card details, or other personal information. This is often done through deceptive emails, text messages (SMS), or websites that look legitimate.
Common phishing tactics leading to ATO:
- Fake login pages: Fraudsters create websites that perfectly mimic the official Airwallex login page. Users might land on these sites by:
  - Clicking malicious links in phishing emails or messages.
  - Mistyping the Airwallex URL.
  - Searching for "Airwallex" on search engines (like Google) and inadvertently clicking on a fraudulent ad or link that appears high in the search results.
- Deceptive communications: You might receive an email or SMS that appears to be from Airwallex, urging you to log in to resolve an issue, verify your account, or claim a reward. These messages often create a sense of urgency.
- Compromising credentials & 2FA:
  - You enter your username and password on the fake login page.
  - The fraudsters capture these credentials and simultaneously attempt to log in to the real Airwallex site using them.
  - This triggers a legitimate 2FA prompt on your registered device.
  - The fake website might display a persistent 'loading' screen or an error message, then prompt you again for the 2FA code (or a new one). You might think this is for your own login attempt.
  - If you enter the 2FA code on the fake site, the fraudsters capture it and use it on the real Airwallex site. Crucially, they might use this first OTP to log in, and a second phished OTP to authorize critical changes like adding their own 2FA method or changing your contact details. This "double 2FA compromise" is a common tactic.
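The double-OTP sequence described above leaves a recognizable trace in an account audit trail. As an added example (not Airwallex code; the event schema, field names, the "unrecognized device" signal and the 10-minute window are all assumptions), this flags sessions where an OTP-verified login is quickly followed by a second OTP-authorized change to 2FA or contact details:

```javascript
// Added example. Event schema, field names and thresholds are hypothetical.
const SENSITIVE_ACTIONS = new Set(["add_2fa_method", "change_contact_details"]);
const WINDOW_MS = 10 * 60 * 1000; // assumed review window: 10 minutes

// Flag sessions where an OTP-verified login from an unrecognized device is
// followed, within the window, by a second OTP-authorized sensitive change.
function findDoubleOtpSessions(events, windowMs = WINDOW_MS) {
  const loginBySession = new Map();
  const alerts = [];
  const ordered = [...events].sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  for (const ev of ordered) {
    if (ev.type === "login" && ev.otpVerified) {
      loginBySession.set(ev.session, ev); // first OTP: the login itself
      continue;
    }
    const sensitive = ev.type === "settings_change" &&
      SENSITIVE_ACTIONS.has(ev.action) && ev.otpVerified; // second OTP
    const login = loginBySession.get(ev.session);
    if (!sensitive || !login || login.knownDevice) continue;
    const gapMs = Date.parse(ev.ts) - Date.parse(login.ts);
    if (gapMs <= windowMs) {
      alerts.push({ user: ev.user, session: ev.session, action: ev.action,
                    secondsAfterLogin: gapMs / 1000 });
    }
  }
  return alerts;
}

// Constructed sample audit trail (not real data).
const SAMPLE_EVENTS = [
  { ts: "2024-05-01T09:00:00Z", user: "alice", session: "s1", type: "login", otpVerified: true, knownDevice: true },
  { ts: "2024-05-01T09:03:00Z", user: "alice", session: "s1", type: "settings_change", action: "change_contact_details", otpVerified: true },
  { ts: "2024-05-02T14:00:05Z", user: "bob", session: "s7", type: "login", otpVerified: true, knownDevice: false },
  { ts: "2024-05-02T14:01:40Z", user: "bob", session: "s7", type: "settings_change", action: "add_2fa_method", otpVerified: true },
  { ts: "2024-05-03T08:00:00Z", user: "carol", session: "s9", type: "login", otpVerified: true, knownDevice: false },
  { ts: "2024-05-03T08:02:00Z", user: "carol", session: "s9", type: "settings_change", action: "update_display_name", otpVerified: false },
  { ts: "2024-05-04T10:00:00Z", user: "dave", session: "s12", type: "login", otpVerified: true, knownDevice: false },
  { ts: "2024-05-04T12:00:00Z", user: "dave", session: "s12", type: "settings_change", action: "add_2fa_method", otpVerified: true },
];

console.log(findDoubleOtpSessions(SAMPLE_EVENTS));
```

Only the second session is flagged with the default window; widening the window trades fewer misses for more alerts on legitimate users who change settings after signing in from a new device.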
What to do immediately if you suspect an ATO
If you suspect your Airwallex account has been compromised, time is critical. Take the following steps immediately:
- Contact Airwallex support immediately: Report your suspicions to us through our official support channels. The sooner we know, the sooner we can help take action to secure your account.
- Reset your password: If you can still access your account, try to reset your password immediately to a new, strong, and unique one.
- Review recent activity: Carefully check your login history, transaction records, user lists, and account settings for any unauthorized changes or activities.
- Freeze cards: If you have Airwallex cards, immediately freeze any cards you suspect might be compromised or that you don't recognize.
How to prevent ATO
Proactive security measures are key to protecting your account:
- Use strong, unique passwords: Create complex passwords for your Airwallex account and avoid reusing passwords from other services.
- Enable and protect 2-factor authentication (2FA):
  - 2FA adds a critical layer of security. Ensure it is enabled for all users.
  - Be vigilant about where you enter your OTPs. Only enter them on the legitimate www.airwallex.com domain after you have initiated the login.
  - Be wary of multiple unexpected 2FA prompts. If you receive an OTP you didn't request, do not use it and investigate immediately.
- Beware of phishing – Your first line of defense:
  - Verify website URLs: Always double-check the website address bar to ensure you are on https://www.airwallex.com before entering any login details.
  - Bookmark the official site: The safest way to access your account is by using a bookmark you've created for the official Airwallex website.
  - Do not click suspicious links: Be cautious of links in emails, SMS, or other messages, even if they appear to be from Airwallex. If unsure, navigate to the Airwallex website directly through your bookmark instead of clicking the link.
  - Question urgent requests: Airwallex will never ask you for your full password, PIN, or OTPs via email, SMS, or phone. Be suspicious of any communication that creates urgency and asks for these details.
- Secure your devices and networks: Keep your computer's operating system, browser, and antivirus software up to date. Avoid accessing your account from public or unsecured Wi-Fi networks.
- Regularly review account activity and users: Periodically check your login history, transaction reports, and the list of users with access to your account. Remove access for users who no longer require it.
- Educate your team: Ensure all users with access to your Airwallex account are aware of these security practices, especially regarding phishing and password/2FA security.
We strongly encourage you to implement all recommended preventative measures to minimize your risk.
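The "verify website URLs" advice above can be applied mechanically, for example in a mail filter or link checker. This added example (not Airwallex code; every URL other than the official origin is constructed) shows why looking for the official name anywhere in a link is not enough and an exact origin comparison is needed:

```javascript
// Added example. Only the official origin comes from the page; every other
// URL is constructed and uses the reserved ".example" TLD.
const OFFICIAL_ORIGIN = "https://www.airwallex.com";

// Weak check: passes any string that merely contains the official hostname.
function naiveCheck(raw) {
  return raw.includes("www.airwallex.com");
}

// Strict check: parse the URL the way a browser does, then compare the
// whole origin (scheme + host + port) and refuse embedded credentials.
function isOfficialUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return false; // not an absolute URL
  }
  if (url.origin !== OFFICIAL_ORIGIN) return false;
  return url.username === "" && url.password === "";
}

const CONSTRUCTED_URLS = [
  "https://www.airwallex.com/login",                       // genuine
  "https://WWW.AIRWALLEX.COM/login",                       // genuine, host is case-insensitive
  "http://www.airwallex.com/login",                        // no TLS
  "https://www.airwallex.com.account-check.example/",      // official name as a subdomain label
  "https://www.airwallex.com@account-check.example/",      // official name in the userinfo part
  "https://account-check.example/?next=www.airwallex.com", // official name in the query string
];

// Run both checks over each URL so the disagreements are visible side by side.
function compareChecks(urls = CONSTRUCTED_URLS) {
  return urls.map((u) => ({ url: u, naive: naiveCheck(u), strict: isOfficialUrl(u) }));
}

console.table(compareChecks());
```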