Intelligent CISO Issue 75 | Page 15

LATEST intelligence

PROTECTING AGAINST COMPROMISED ACCOUNTS IN EMAIL

Introduction
One of the key capabilities of an email security solution is the ability to detect anomalies. When something happens that's out of the ordinary, it can be a sign that malicious behavior is afoot.
This can be referred to as account takeover, or a compromised account. In an account takeover (ATO) attack, an attacker gains unauthorized access to the credentials for a user's online account. This access can then be used for identity theft, fraud, and to enable other cyberattacks, such as using a user's corporate credentials to log in and plant ransomware within the corporate network.
It's more than just taking over an account. There are real-life concerns.
In one study, Javelin Research found that account takeover increased by a whopping 90% in 2021. These losses totaled $11.4 billion, making up nearly a quarter of all identity fraud losses in 2021.
In a separate study, Feedzai, a financial risk management company, found that account takeover was the top fraud scam, up from fourth place in 2021 and ahead of social engineering. According to Aite Group, account takeover attacks, across all industries, cost more than $16 billion in losses – a 300% jump from 2020.
According to the 2020 Global Identity and Fraud Report by Experian, 57% of enterprises report higher fraud losses due to account takeover.
Further, according to UK Finance, account takeover fraud accounts for nearly a quarter of all fraud losses.
This correlates with the data that HEC researchers see. In March alone, we saw 1,345 unique compromised accounts. Of those, 783 began sending out phishing or spam messages. That's a 179% increase from the previous month.
So what to do? In this whitepaper, we'll discuss how to prevent account takeover from taking control of your business.
Monitoring Account Takeover
Although phishing messages are the most common way for hackers to gain access to an account, they are far from the only method. Large, third-party data leaks like Yahoo and LinkedIn have created a market for hackers to exchange stolen passwords. Even Post-It Notes are not safe from online distribution. A breach might include passwords for one service that employees have re-used on corporate accounts. Even a breach that doesn't include raw credentials might include the personal information (street address, high school, mother's maiden name) that makes it possible for attackers to gain temporary access by requesting a password change.
The Equifax breach probably contains more personal information than the average person even knows about themselves. Although anti-phishing security is important, it is only one part of the equation when it comes to defending against account takeover.