General discussion

  • Creator
    Topic
  • #2142824
    Avatar photo

    Account takeover attacks are on the rise

    Locked

    by Tammy.Cavadias ·

    Tags: 

    Account takeover attacks (ATO) are on the rise, and most (78%) result in phishing attacks within companies. 22% of ATO incidents target sensitive departments, meaning businesses must stay updated on cybersecurity efforts.

    [b][i]Have you or someone you know been the target of a phising email? How did you handle it? Let us know in the comments below or on the main article! [/i][/b]

    Read The Full Article: [url=”https://www.techrepublic.com/topic/security/#ftag=TRC-03-10aab7g”%5DAccount takeover attacks ramping up, leading to explosion of phishing[/url]

All Comments

  • Author
    Replies
    • #2442006

      This year was full of it

      by marinaelvis ·

      In reply to Account takeover attacks are on the rise

      Identity fraud is rampant as more and more consumers turn to digital technology to communicate with each other, buy products and services, join social media groups, chat groups and online clubs.

      The problem is just more and more, because more personal information can now be publicly available on social media channels and websites, and hackers are able to make personalized phishing attacks against recipients, making them more persuasive and likely to bypass many organizational security systems.

      • #2414847

        Hi

        by msmithmark1979 ·

        In reply to This year was full of it

        We can design the processes, tools, and provision of resources for a Cyber Security Operations Center

        (link removed by moderator)

    • #2420752

      ATO

      by mangatsbulwark ·

      In reply to Account takeover attacks are on the rise

      Account takeover (ATO) assaults, in which an individual’s qualifications are stolen and used to send messages from their genuine record, have numerous goals. A few aggressors attempt to utilize the hacked email record to dispatch phishing efforts that will go undetected, a few assailants take qualifications of different representatives and sell them operating at a profit market, and others utilize the record to direct observation to dispatch customized assaults. The most modern aggressors take the accreditations of a key worker and use them to dispatch a Business Email Compromise assault from the genuine representative’s email address.

    • #2422683

      How Could we handle it?

      by badshakhan ·

      In reply to Account takeover attacks are on the rise

      please guide us how do you handle it, And what should do we to get rid of them?

      • #2414177

        training and protection

        by patriciaslucia ·

        In reply to How Could we handle it?

        Hi training staff that’s definitely key and first and foremost. Show them what to look for and ensure they don’t go around clicking links. A good way to check for spam etc is to click the name that it came from. If they don’t recognise it – get rid of the email.

        This alone won’t combat the situation of being safe from phishing. You will need to look at getting the right protection in place, which is really important. Look to get your whole organization protected with spam and web filtering. You could try some good web and spam filtering on your machine too – like spamtitan etc This is key to make it harder for the emails to come through your workforces desk tops, which means that they don’t even get the chance to see them in the first place.

    • #2421716

      Ways to handle account takeover attacks

      by ayesha binte aziz ·

      In reply to Account takeover attacks are on the rise

      Attackers may takeover account by most commonly a phishing scam via email messages, or via dark websites they purchase credentials, use of malware to install key loggers, use a brute force tool, etc.
      Some prevention measures against these are that users shall be provided training and education for example upon how these attacks occur, importance of strong passwords and how to not to fall into any phishing scam. Users shall be required to make strong passwords.
      If the account has been taken over, some measures taken for the customer can be locking down the account, contact information shall be checked as attackers change it to lock users out, also their should be proper policy about account take over situation to make decisions quickly in this regard.

    • #2419321

      How can an individual prevent an accoubt takeover

      by kaymohlala ·

      In reply to Account takeover attacks are on the rise

      1. Avoid using same credentials for different accounts
      2. If you are using social media, have a limit of disclosing your information.
      3. It is advisable to change your passwords regularly.
      4. in terms of your bank account or credit card account, check your statement if it balance with your activities, if you notice any suspicious activity, report it to the bank immediately.

    • #2418076

      attacks

      by jens deferme ·

      In reply to Account takeover attacks are on the rise

      There is a solution for everything 😉

      Best regards

      Jens Deferme

    • #2421959

      How to protect your systems from account takeover

      by neil d ·

      In reply to Account takeover attacks are on the rise

      I recently came across a new open-source firewall named CrowdSec and decided to install it (it’s free). It can protect your systems from many different kinds of attacks, including phishing and account takeover. The technology is very easy to install and use. I had a chat with the guys behind it and they definitely know their stuff! They are aiming to build a reputation database which they will share with their user community. Definitely worth a try!
      https://github.com/crowdsecurity/crowdsec/releases/tag/v0.3.2

    • #2414726

      IP Address

      by kasunrathnayake4444 ·

      In reply to Account takeover attacks are on the rise

      An IP address is an identification number assigned to a computer connected to an Internet network. Concretely, this number is used to identify machines and allow them to communicate with each other, by exchanging data on the Internet.
      Know your IP address from your computer
      By default, operating systems have several internal tools to find out the IP address of the computer. In Windows, you have to open the command prompt and type the command ipconfig. Under Mac OS, open the Network panel located in System Preferences, and display the active connection. The IP address is presented as a series of numbers separated by periods, for example 192.168.1.30.
      Use an online tool to find out your IP address
      There are many websites that specialize in displaying the IP address. Among them, we recommend https://mylocationip.com

    • #2415023

      I was victim of Phishing Attack

      by priyankaagarwalbda ·

      In reply to Account takeover attacks are on the rise

      Recently(during the holiday time in Christmas) I got an email regarding some free vouchers. I generally do not open the links given in an email from a unsubscribed website, but this company had named itself the same as one of a famous company with a slight change.

      As soon as I clicked I understood it might be a scam and came out of the website.

      Luckily I have an MFA solution so did not panic about my accounts on various platforms.

      My learning:
      Use second layer protection. If you do not want to put money, there are a few good and reliable free solutions. ( I use RCDevs but duo, okta etc also have cheap price solutions)

Viewing 8 reply threads