This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story


Did You Just Try to Login? Why Account Takeover Is Still on the Rise

Security Boulevard

Walking through the exhibit hall this week at Black Hat USA 2023, the number of solutions for “Next Generation Threats” and “AI-Powered Adversaries” might reasonably lead you to believe that this is where a majority of cyber risk lies. Indeed the fixation on well-resourced adversaries capable of doing novel and clever things is so ubiquitous that it might cause you to think that classic problems have been largely “solved.” This begs the question: With so many security vendors out there, why does Account Takeover (ATO) still occur?

Account takeover (ATO) attacks have recently surged, impacting 1 in 4 adults in the US. The primary culprit is credential stuffing, the rapid testing of username and password pairs harvested from previous breaches. What makes this attack vector particularly vexing is its source – not platform vulnerabilities or cryptographic flaws – but the widespread habit of users reusing credentials across sites.


Printer-Friendly Version



The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information


Your electronic library to help in fighting financial fraud for all of our partners.

more information