How does Account Takeover work?
Account Takeover Attacks are happening regularly on virtually any website with a login function.
Credential Stuffing and Card Cracking are amongst the most commonly used Account Takeover Fraud techniques and each uses automated bots to gain brute force entry to an account.
- Credential Stuffing attacks crawl lists of leaked usernames and passwords, using bots to continually test combinations on multiple sites until they are successful.
- Card Cracking attacks use automated bots to match leaked usernames and dictionaries of passwords, until the code is cracked.
Usernames and passwords are acquired from mass data dumps that are readily accessible on the dark web. Each data dump can consist of millions of username and password combinations following years of data breaches carried out across multiple sites.
The challenge for businesses resides not only in the availability and low price point of data dumps, but consumer behaviour. With more passwords to keep track of, consumers are frequently reusing log in details across multiple sites and neglecting password updates for years at a time.
How to detect Account Takeover
Account Takeover is a profitable industry and a widespread problem as perpetrators use varying degrees of sophisticated attack techniques.
Netacea use a range of approaches to detect Account Takeover activity. At a simple level, the built in reputational analysis and blacklists of known bad actors can easily weed out the less sophisticated attempts.
However, this pool is rapidly shrinking as more complex tools are developed and become more widely available. To address the remaining attacks, Netacea has developed the leading, artificial intelligence based Account Takeover detection tool currently available.
How to prevent Account Takeover
Netacea’s Intent Analytics™ Engine uses advanced machine learning techniques to detect Account Takeover attempts by spotting patterns of behaviour that indicate suspicious behaviour. This includes spotting indicators of an upcoming attack, such as large amounts of fake account creations that can be used to camouflage an Account Takeover, as well as the attack itself.
Types of Account Takeover
Card Cracking
Credential Stuffing
Gift Card Fraud
Let us show you the power of Intent Analytics™ using machine learning to provide actionable intelligence and unrivalled protection against automated threats.