Account Takeover Defense Post-login Simulation
Fraudsters commit account takeover attacks (ATOs) to exploit user accounts and obtain the value stored therein. In this simulation, we'll cover how HUMAN helps you detect and neutralize compromised accounts that have been accessed by a bad actor.
Account Takeovers Can Cost Your Business
Bad actors use compromised accounts to commit fraud. Examples include draining stored funds, making illicit purchases, stealing personally identifiable information (PII), or sending phishing messages. These types of account abuse not only have financial consequences, but also negatively impact customer experiences.
Fraudsters change contact and security information, making it more difficult to reclaim an account.
Draining funds and making illicit purchases are two of many types of fraud associated with compromised accounts.
Initial Deployment
HUMAN detects and neutralizes compromised accounts by analyzing traffic for abusive and malicious behaviors. This is achieved by deploying a JavaScript snippet to relevant paths, such as login and registration paths. Post-login pages could also be targets for abusive activity.
Insert JS Snippet on template for all relevant pages
Setting Up Rules
Setting up automated response actions is straightforward. Drag and drop the conditions that will trigger a rule (e.g., a high risk score or email domain). Then set automated response actions, such as blocking the device fingerprint, adding the incident to the dashboard, or locking the account.
Choose the response actions that will automatically apply when the rule conditions are met.
Define the trigger conditions for the rule. Multiple conditions can be included in the same rule.
Drag and drop the rule conditions and response actions for fast rule creation.
Dashboard View
When you log into the console, you will start with the Business Insights dashboard. This shows a high-level view of account takeover detections. The overview covers incidents, risk levels, most common risky behaviors, mitigation actions, geographic source, and email/IP reputation.
Understand what triggered an ATO detection and see response actions that were taken.
See how many compromised accounts are detected each month and the associated risk levels.
High-level overview showing the number of suspicious activities, the number of monitored activities and devices, and how many accounts are being protected.
Identify any geographical hotspots for detections and view the email domain and IP address reputations associated with risky behaviors.
Investigation
Switching to the main dashboard, we can see an overview of recent account takeover events, split into those that are awaiting review and those that have been resolved. This dashboard shows the ATO detections with key details, including how many accounts are involved in a detection, when it was detected, the trigger, and any response actions. Selecting an item takes us to the investigation dashboard where we can examine items in more detail.
See the status of the detection, post-investigation.
Understand the activity that triggered the detection.
See how many ATOs are linked in the detection.
Choose between detections pending investigation, resolved cases, and viewing all.
Deeper Analysis
The Account Status section shows key incident details and other accounts that are related to the detection (if any). The activities timeline details what took place when (e.g., when suspicious activity started to occur in the account). The Identifiers History shows any deviation from normal account usage. Examples include a new device, network, or geographic location. You can see a detailed list of events by scrolling down.
Access a detailed breakdown of activity associated with flagged accounts. Selecting the account ID allows you to investigate it further.
The Activities Timeline showcases monitored activities over time for the account. Risky behaviors are clearly called out.
See high-level account details, the date of the detection, and the type of attack.
The Identifiers History makes it easy to identify any deviations in normal account usage (for example, an iOS device instead of Windows).
Request a Demo
Account Takeover Defense gives you the ability to:
- Stop automated attacks
- Block stolen credentials
- Remediate breached accounts
Request a full demo today.