Security

General discussion

Locked

Account takeover attacks are on the rise

By tcavadias Staff ·
Tags: Security, Malware
Account takeover attacks (ATO) are on the rise, and most (78%) result in phishing attacks within companies. 22% of ATO incidents target sensitive departments, meaning businesses must stay updated on cybersecurity efforts.

Have you or someone you know been the target of a phising email? How did you handle it? Let us know in the comments below or on the main article!


Read The Full Article: Account takeover attacks ramping up, leading to explosion of phishing

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

This year was full of it

by Marinaelvis In reply to Account takeover attacks ...

Identity fraud is rampant as more and more consumers turn to digital technology to communicate with each other, buy products and services, join social media groups, chat groups and online clubs.

The problem is just more and more, because more personal information can now be publicly available on social media channels and websites, and hackers are able to make personalized phishing attacks against recipients, making them more persuasive and likely to bypass many organizational security systems.

Collapse -

Hi

by msmithmark1979 In reply to This year was full of it

We can design the processes, tools, and provision of resources for a Cyber Security Operations Center

(link removed by moderator)

Collapse -

ATO

by mangatsbulwark In reply to Account takeover attacks ...

Account takeover (ATO) assaults, in which an individual's qualifications are stolen and used to send messages from their genuine record, have numerous goals. A few aggressors attempt to utilize the hacked email record to dispatch phishing efforts that will go undetected, a few assailants take qualifications of different representatives and sell them operating at a profit market, and others utilize the record to direct observation to dispatch customized assaults. The most modern aggressors take the accreditations of a key worker and use them to dispatch a Business Email Compromise assault from the genuine representative's email address.

Collapse -

How Could we handle it?

by Badshakhan In reply to Account takeover attacks ...

please guide us how do you handle it, And what should do we to get rid of them?

Collapse -

training and protection

by patriciaslucia In reply to How Could we handle it?

Hi training staff that's definitely key and first and foremost. Show them what to look for and ensure they don't go around clicking links. A good way to check for spam etc is to click the name that it came from. If they don't recognise it - get rid of the email.

This alone won't combat the situation of being safe from phishing. You will need to look at getting the right protection in place, which is really important. Look to get your whole organization protected with spam and web filtering. You could try some good web and spam filtering on your machine too - like spamtitan etc This is key to make it harder for the emails to come through your workforces desk tops, which means that they don't even get the chance to see them in the first place.

Collapse -

Ways to handle account takeover attacks

by Ayesha Binte Aziz In reply to Account takeover attacks ...

Attackers may takeover account by most commonly a phishing scam via email messages, or via dark websites they purchase credentials, use of malware to install key loggers, use a brute force tool, etc.
Some prevention measures against these are that users shall be provided training and education for example upon how these attacks occur, importance of strong passwords and how to not to fall into any phishing scam. Users shall be required to make strong passwords.
If the account has been taken over, some measures taken for the customer can be locking down the account, contact information shall be checked as attackers change it to lock users out, also their should be proper policy about account take over situation to make decisions quickly in this regard.

Collapse -

How can an individual prevent an accoubt takeover

by kaymohlala In reply to Account takeover attacks ...

1. Avoid using same credentials for different accounts
2. If you are using social media, have a limit of disclosing your information.
3. It is advisable to change your passwords regularly.
4. in terms of your bank account or credit card account, check your statement if it balance with your activities, if you notice any suspicious activity, report it to the bank immediately.

Collapse -

attacks

by jensdeferme12 In reply to Account takeover attacks ...

There is a solution for everything ;-)

Best regards

Jens Deferme

Collapse -

How to protect your systems from account takeover

by Neil D In reply to Account takeover attacks ...

I recently came across a new open-source firewall named CrowdSec and decided to install it (it’s free). It can protect your systems from many different kinds of attacks, including phishing and account takeover. The technology is very easy to install and use. I had a chat with the guys behind it and they definitely know their stuff! They are aiming to build a reputation database which they will share with their user community. Definitely worth a try!
https://github.com/crowdsecurity/crowdsec/releases/tag/v0.3.2

Collapse -

IP Address

by kasunrathnayake4444 In reply to Account takeover attacks ...

An IP address is an identification number assigned to a computer connected to an Internet network. Concretely, this number is used to identify machines and allow them to communicate with each other, by exchanging data on the Internet.
Know your IP address from your computer
By default, operating systems have several internal tools to find out the IP address of the computer. In Windows, you have to open the command prompt and type the command ipconfig. Under Mac OS, open the Network panel located in System Preferences, and display the active connection. The IP address is presented as a series of numbers separated by periods, for example 192.168.1.30.
Use an online tool to find out your IP address
There are many websites that specialize in displaying the IP address. Among them, we recommend https://mylocationip.com

Related Discussions

Related Forums