The Anatomy of an Account Takeover Attack

Are compromised credentials being used on your website or eCommerce platform?


It’s reported in the news almost every day: another company has been breached and more user credentials have been leaked. With breaches occurring so frequently, the potential for an account takeover attack on your site or application has never been higher.


Someone else’s breach IS your problem.

When there is a reported data leak or credentials are compromised, usernames and passwords become available to purchase on the dark web. With every new breach the dark web comes alive with a frenzy of hidden activity: hackers and fraudsters scramble to validate combinations against other websites, using sophisticated automation technologies to test credentials either en masse across thousands of websites or in a highly targeted way against specific online services and eCommerce platforms, to gain access to valuable accounts.

Account takeover is a form of fraud where one or more bad actors attempt to compromise the integrity of a real user’s account, often leveraging compromised credentials sourced from the dark web, to gain something of value. This could be theft of banking or credit card information, placing fraudulent orders, theft of personally identifiable information for use elsewhere, abuse of loyalty schemes or bonus points… the list goes on.

Forrester estimates account takeover costs $7 billion in annual losses in just the financial services and insurance markets! This excludes retail, where we see account takeover attacks costing some of our clients as much as 2.5% of their annual revenue. On top of the financial loss there is also the damage to customers’ faith in their online services.

With such high gains to be made, it is no wonder attackers don’t conduct account takeover attacks randomly. Cyber criminals know who, what, when, where and why they’re executing an attack.

IT security professionals are fully aware that attackers are becoming more sophisticated, distributed and automated with each passing day. Cyber criminals have the tools needed and will silently test themselves and their kitbag against your website or web application over and over to establish benchmarks against your security measures and to ensure they avoid detection when performing the real account takeovers. But how do they do this?

Attend this live webinar on Eliminating Account Takeovers with Machine Learning and Behavioural Analysis to understand the anatomy of an account takeover attack, and more importantly how to proactively block fraudulent login attempts and reduce business risk by preventing account breaches and data leaks.

This webinar, presented by internet security and account takeover expert Thomas Platt, will cover:

  • The anatomy of an attack and account takeover objectives and rewards.
  • Real customer examples of ‘volume brute force’ and ‘low and slow’ attacks.
  • Proactively identifying and mitigating attacks with Machine Learning and behavioural analysis.
  • How and why WAFs are unable to fully protect against sophisticated account takeover bots.
  • A sneak preview of something new from Intechnica.

Our customers see up to nine out of every 10 login attempts on web and mobile being attributed to credential cracking attacks via mass automated login attempts. Join the webinar to learn how you can gain visibility and proactively protect your customer accounts and online reputation.

Thomas Platt, Intechnica

Eliminate Account Takeovers with Machine Learning and Behavioural Analysis

Wednesday, July 18th, 1pm BST

Reserve your space here.