LATEST INTELLIGENCE
ATO Attacks – A Direct Assault on User Privacy In an ATO attack , fraudsters often use an approach called credential stuffing . The technique utilizes bots to automatically inject stolen user IDs and passwords into login forms . The goal is to give the attacker access to , and control over user accounts . Successful ATO operations can be very damaging to victims , who not only lose control over their accounts , but also their PII . Depending on the type of site , fraudsters can obtain vast amounts of sensitive personal data with each successful login .
New Account Fraud – Abusing Previously Obtained Private Information New account fraud , or fraudulent account registration , is another common attack . Bad actors obtain stolen personal data , including login credentials via the dark web or another unsavory channel . As with an ATO attack , these bad actors then use bots to automate their attack , rapidly filling out new account forms with the stolen PII . The fraudulent accounts are used to make purchases , generate spam , spread misinformation , distribute malware , scrape PII from social media and other sites , and perform a host of other nefarious deeds . Any of these activities can be extremely harmful to the victim .
Automation : A Key Ingredient for ATO , New Account Fraud , and Other Attacks As described in the ATO and New Account Fraud examples above , automation is a key tool in an attacker ’ s arsenal . Without bots , many cyber crimes are too labor intensive to be profitable . Because bots are readily available , relatively inexpensive , and don ’ t require a great degree of skill to use , fraudsters turn to them to carry out their attacks . p
Download whitepapers free from www . intelligentcio . com / apac / whitepapers /
www . intelligentcio . com INTELLIGENTCIO APAC 21