This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties. Members and Law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Complete Story
01/26/2022
Understanding and Preventing Account Takeover
Security Boulevard
In the previous installment of our blog series on the modern threat landscape, we looked at how attackers can use credential stuffing attacks to break into valid user accounts. Today, we will continue to follow that theme by diving into the world of account takeovers (ATOs) to see how attackers use compromised accounts to commit fraud.
Like other threats covered in this series, account takeovers are problematic for traditional OWASP-style WAF rules. While these rules look for overt malicious actions such as injections or XSS attempts, an account takeover involves an attacker who has already gained credentialed access to a user’s account. At this point, there is typically no need for a traditional exploit as the attacker will perform various types of fraud with the compromised user’s account.
Alerts
The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.
more informationResources
Your electronic library to help in fighting financial fraud for all of our partners.
more information