True crime news logo
    • Krimidex

Sign up for our newsletter and get the latest stories

Never miss the latest true crime news, reviews and top lists — plus new podcasts, series, films and books.

You can unsubscribe with one click from any email.

True crime news logo

The international true crime destination. Cases, documentaries, podcasts and travel routes.

© 2026 truecrime.news. All rights reserved.

Krimidex/account-compromise
ConceptInternational

account-compromise

The unauthorized takeover or access of a user's online account through stolen credentials, phishing, social engineering, or technical exploitation, often used as a precursor to fraud.

account-compromise — Krimidex illustration

Definition

Account compromise occurs when an unauthorized person gains control of or access to another person's online account by using the account holder's credentials or other means of acting on their behalf. This is not a standalone term defined in a single federal criminal statute, but rather a descriptive term widely used in federal law enforcement, cybersecurity, and financial regulatory materials to characterize a form of digital intrusion.

The compromise typically occurs through phishing attacks, credential theft from data breaches, social engineering tactics, malware, or brute-force password attacks. Once an account is compromised, the attacker can impersonate the legitimate account holder, send fraudulent communications, initiate unauthorized financial transactions, or use the compromised account as a stepping stone to infiltrate other systems or accounts.

In federal enforcement practice, account compromise is most commonly discussed in the context of Business Email Compromise (BEC) and Email Account Compromise (EAC) schemes. The FBI's Internet Crime Complaint Center and the Financial Crimes Enforcement Network have issued advisories describing how compromised email accounts are used to conduct wire fraud, manipulate business transactions, and redirect payments to accounts controlled by criminals.

The primary federal criminal statute addressing account compromise is the Computer Fraud and Abuse Act, codified at 18 U.S.C. § 1030. This law criminalizes intentionally accessing a computer or account "without authorization" or in a manner that "exceeds authorized access." Prosecutors use this statute to charge individuals who compromise accounts through technical means or misuse of credentials. Depending on the subsequent fraudulent activity, additional charges may include wire fraud under 18 U.S.C. § 1343, identity theft under 18 U.S.C. § 1028, or other financial crimes.

Account compromise represents a loss of control over digital identity and assets. The compromised account holder is typically the victim, though in some cases law enforcement must distinguish between true compromise and instances where the account holder knowingly allowed another person to use their credentials for fraudulent purposes.

Related entries

account-compromise

Related articles

Svindlere omgår alle kontroller med rigtige konti og grønne signaler

The All Green Problem: How Fraudsters Beat Every Check

Financial institutions worldwide are reporting a growing wave of fraud that is nearly invisible to traditional security systems: the fraud originates from real accounts, on real devices, with correct passwords — and the system approves everything.

Facts

Type
Concept
Jurisdiction
International
Last updated
22 May 2026