A compromised or fake account can be defined as the unauthorized access or control of an individual's or organization's online credentials. In cybersecurity this is often referred to as Account-Take-Over or abbreviated to (ATO). The legitimate account is taken-over, and often new credentials are added, effectively compromising the original account.
Hackers employ a myriad of techniques to compromise accounts, from phishing to brute force attacks, to gain entry into potentially sensitive accounts. Compromised accounts represent significant threats to data security.
Why does it matter?
An account that is compromised means a data breach and an Account Take Over (ATO) event has taken place. This means the account will have been accessed usually by bots or sometimes manually by persons unknown, while the legitimate account holder may be unaware of the attack, or indeed locked out of their own account.
Sometimes, we have a tendency to just say, well it’s a free account, with no access to anything. So what? There is no actual harm taking place. However, ignoring the problem of compromised accounts is the ONE thing you do at your peril, as we will show in this article.
Recognizing the Signs
Unusual Activity
One of the telltale signs of a compromised account is unusual activity usually as a result of bot activity. Why bots?
See here for a detailed article on how bots are used in Account Take Over (ATO) attacks. This unusual activity is unauthorized logins, changes in account settings, or suspicious transactions. Vigilance is key in promptly identifying and addressing such irregularities. It’s vital to monitor your key login metrics, and have alerting for any suspicious activity. These can be subtle but it’s important to ensure you know when the pattern of logins change. You should be monitoring all of the login events shown below.
- Number of new Accounts / daily / weekly
- Login Pass / Fail rate Ratio
- CAPTCHA Fail / Pass Ratio
- Ratio of Accessibility CAPTCHA eg Audio to visual
- Lost Password
- Change of Address / Updates
- Change of mobile / telephone number
Password Anomalies
Compromised accounts often exhibit changes in passwords without the account owner's knowledge. Users must stay vigilant for any unexpected alterations to their login credentials, as this can be an early indicator of unauthorized access.
Common Attack Vectors
Understanding the various attack vectors is crucial in fortifying your defenses against compromised accounts.
Phishing Attacks
Phishing remains a prevalent method for compromising accounts. Cybercriminals employ deceptive emails or websites, masquerading as legitimate entities, to trick users into divulging sensitive information.
Brute Force Attacks
Brute force attacks involve systematically attempting all possible password combinations until the correct one is found. Employing strong, unique passwords and enabling multi-factor authentication serves as a robust defense against such attacks.
Mitigation Strategies
Protecting your accounts requires a proactive approach. VerifiedVisitors make this much easier by deploying a Zero-trust at the network edge AI platform, to look for the telltale signs of account compromise or account take-over, BEFORE the accounts are breached. VerifiedVisitors works at the edge of network - and analyses the behaviour of your visitors to ensure only verified human visitors are allowed to login.
Regular Security Audits
Frequent security audits help identify vulnerabilities before they can be exploited. Conducting thorough reviews of account activity and settings is imperative for maintaining a secure online presence.
Multi-Factor Authentication (MFA)
Enabling MFA adds an extra layer of security by requiring users to verify their identity through multiple means. This significantly mitigates the risk of unauthorized access, even if login credentials are compromised.
Conclusion
In conclusion, safeguarding against compromised accounts is an ongoing effort that demands a proactive and informed approach. By staying vigilant, recognizing the signs, and implementing robust security measures such as VerifiedVisitors, users can fortify their digital defenses and navigate the online landscape with confidence.
