When some institutions think of account takeover they think of chargebacks, fraudulent money movements, or rewards abuse, for example. But fraud doesn’t start with a chargeback; it begins long before that, at the account origination or pre-login stage. Credential testing or harvesting attacks are some of the most common sophisticated mass-scale threats paving the way for account takeover. Unfortunately, most companies don’t have the right tools to catch them… until it’s too late.
The ATO below the surface
Companies are focusing on stopping account takeover attempts without realizing that the attack goes far beyond this one event: it probably started acting days, weeks or months ago.
The path to account takeover
Account takeover is not just the fraudulent use of an account; it includes other phases such as credential testing, data aggregation, and finally, account takeover.
1. Credential testing
After buying a stack of stolen credentials, the bad actors test them against a company’s login interface to find which ones have correct combinations. This automated attack happens without the company noticing it. Once the working credentials are found they are marked with, what you could call, a Verified Stamp of Approval, and are resold on the black market for a higher value.
2. Data aggregator
Account validation aggregators receive the verified credentials and run scripts against the company’s login functionality. These aggregator scripts continually test if the username and password combinations are still valid. Their scripts can even check each account hourly and display the updated result on the web.
3. Account takeover
The final step is what we commonly know as account takeover. Unlike the previous steps, this is normally not performed by a script but directly by a human; by the bad actor who purchases the verified credentials. At this point, he or she simply accesses the account to make profit from it. This is the last link in the ATO attack chain but also the only time the company can detect a problem. Because of the different steps in the account takeover cycle, it can take days, weeks, or months before the targeted company sees a financial loss. Once the damage is done, the attack has already been finalized and it’s nearly impossible to trace it back without the right tools.
Diving below the surface
The human account takeover event is just what we see above the surface. To get there, there is a myriad of undercover attacks that take place under the radar. A solution that understands the technology attackers are using will help your company successfully thwart the threat before any company or customer damage happens. – Want to read more about how to combat account takeover? Access this Aite Group report, Trends in Account Takeover here. You can also learn more about NuData’s solution, NuDetect for Account Takeover, which helps organizations stop account takeover before it starts with the power of behavioral analytics and passive biometrics.