Complete Story
 

01/26/2022

Understanding and Preventing Account Takeover

Security Boulevard

In the previous installment of our blog series on the modern threat landscape, we looked at how attackers can use credential stuffing attacks to break into valid user accounts. Today, we will continue to follow that theme by diving into the world of account takeovers (ATOs) to see how attackers use compromised accounts to commit fraud. 

Like other threats covered in this series, account takeovers are problematic for traditional OWASP-style WAF rules. While these rules look for overt malicious actions such as injections or XSS attempts, an account takeover involves an attacker who has already gained credentialed access to a user’s account. At this point, there is typically no need for a traditional exploit as the attacker will perform various types of fraud with the compromised user’s account. 

Read more...

Printer-Friendly Version


Resources

Alerts

The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information
Resources

Resources

Your electronic library to help in fighting financial fraud for all of our partners.

more information