Cloud Account Takeovers

Why this matters: When attackers seize your cloud account (Google, Microsoft 365, Dropbox, iCloud, etc.), they can read email, steal files, reset passwords elsewhere, and impersonate you—often without you noticing.

What Is a Cloud Account Takeover?

A cloud account takeover happens when criminals gain unauthorized access to your online accounts and storage. From there, they can download private files, access backups, send phishing emails from your address, and lock you out.

How Attackers Gain Access

Phishing: Fake login pages steal your username & password.
Credential stuffing: Reused passwords from past data breaches.
MFA fatigue/prompt bombing: Spamming push approvals until you accept.
Malware/keyloggers: Capturing credentials from infected devices.
Insecure sharing/links: Public links exposing sensitive files.

Cloud account takeover infographic (FakeID 101) — Replace with your final infographic (optional).

How to Protect Yourself

Enable multi-factor authentication (MFA)—prefer app or hardware key over SMS.

Use unique, strong passwords and a reputable password manager.

Turn on login & file-sharing alerts and review security dashboards regularly.

Review connected apps & sessions; remove anything you don’t recognize.

Secure your devices: keep OS/browser updated and run trusted security software.

Limit public file links; prefer specific people sharing with expiration dates.

If Your Account Is Compromised

Regain access: Use account recovery to change your password immediately.

Rotate passwords on any accounts that used the same or similar password.

Revoke sessions/tokens: Sign out of all devices; remove suspicious third-party apps.

Check sharing & files: Remove unknown shares; review recent activity & download logs.

Enable/upgrade MFA: Move from SMS to an authenticator app or security key.

Warn contacts: Attackers may send phishing from your address; tell people to ignore recent messages.

For Organisations & Schools

MFA Everywhere Enforce MFA for staff, students, and admins.

Least Privilege Limit admin roles; use role-based access and approvals.

Conditional Access Block risky sign-ins; require compliant devices/locations.

Logging/Alerts Centralize logs (SIEM), alert on impossible travel & mass downloads.

Backup/Retention Maintain versioning & immutable backups for cloud files and email.

Awareness Train regularly on phishing, MFA fatigue, and sharing hygiene.

Common Red Flags

Unexpected password reset emails or MFA prompts.

Files or folders shared that you didn’t create.

“Impossible travel” logins minutes apart in different regions.

Outbox/sent folder shows messages you didn’t send.

Tip: Regularly review your cloud provider’s Security Checkup (Google) or Security Dashboard (Microsoft 365).