Preventing Account Takeovers

Account Takeovers (ATO), or Credential Stuffing is the practice of gaining illegitimate access to user accounts in an automated manner using stolen user credentials, infrastructure such as a Bulletproof Proxy, and an attack management toolkit. Successful account takeovers result in validated credentials that are either resold or used for a secondary attack, such as romance scam, funds transfer or loyalty points theft.

Account Takeover and Romance Fraud

In the case of Zoosk, a dating application, bad actors executed an ATO against the mobile app API. The stolen account was then used to establish a romantic relationship with another Zoosk user and, as the relationship blossomed, the bad actor requested money due to a sudden death or illness in the family. The unsuspecting user gave the money to the bad actor, who was never to be seen again. Prior to implementing Cequence, romance scams at Zoosk averaged $12,000 with each occurrence. Now they are virtually eliminated, resulting in increased user confidence and strengthened brand awareness.

Account Takeover and Romance Fraud

Account Takeover and Financial Fraud

An example of an API-based attack against a financial services mobile application is shown in the image below. Bad actors decompiled the mobile application to (1) discover the account login APIs. An automated attack was then executed against the login API (2) and if successful the bad actors attempted to commit financial fraud by transferring funds (3) across the Open Funds Transfer (OFX) API.

Account Takeover and Financial Fraud

Bot Defense ATO Prevention Differentiators

Fraudsters have hacking toolkits and stolen identities widely available to enable ATO against your APIs and web applications. To curb the fraud, you need to detect and mitigate the attacks quickly.

Automatically Discover ATO Patterns

CQAI and Bot Defense automatically discover your API and web-based account login endpoints to build an intuitive site map for visibility and policy-based protection. JavaScript and mobile SDK-based solutions rely on device-only telemetry which slows application development, solution deployment and page load times.

Open, Extensible Platform

Using more than 150 customizable automation indicators, CQAI determines the malicious or benign intent of each application request. The REST API can be used to export CQAI findings to external systems for archiving, additional analysis or an alternative response.

Customizable Response Options for ATO Mitigation

Customizable mitigation policies provide multiple response options including block, rate limit, geo fence, or deception. Using deception allows you to send a custom response to the attacker, so you can box them in and stop the takeover.

New Apps Protected Automatically, Delays Eliminated

As new public-facing applications are deployed, they are automatically discovered and protected by Bot Defense, effectively baking security into your application deployment workflow.

Consistent Protection for API and Web Apps

Agentless approach allows you to deploy consistent visibility and policy protection for your API and web-based applications.

Container-Based Architecture for Greater Flexibility

A container-based software architecture allows Bot Defense to be deployed in your data center, the cloud or as a SaaS offering, so you can choose the architecture that best fits your needs.

Bot Defense ATO Prevention Benefits

Check Mark

Find ATO Attacks in Real-Time

CQAI and Bot Defense discover and stop account takeover attempts automatically – saving you incident response time while minimizing harm to your users and business.

Check Mark

Enhance Security Effectiveness

Customizable automation indicators and responses enable you to fine tune and maximize attack prevention policies to eliminate fraud associated with ATOs.

Check Mark

Integration Streamlines Response

Ensure information is where it needs to be when you need it. REST APIs and an open architecture enable integration with third party data sources and other IT infrastructure like your SIEM and SOC.

Our Customers

Every day, Cequence Security analyzes and protects billions of application transactions for customers in the financial services, retail, and social media industries.

Narvar logo
houzz logo
MX logo
Zuliliy logo


Browse our library of datasheets, research reports, blogs, and archived webinars to learn more about our Application Security Platform.

Research Reports
Bulletproof Proxies: The Evolving Cybercriminal Infrastructure

This report maps attack patterns observed within the Cequence Security customer base to one of the leading Bulletproof Proxy providers.

View Report
Preventing Fraud Caused by Account Takeovers

Organizations are plagued by automated attacks such as account takeovers and fake account creation. Learn how these attacks work, how the attackers hide in plain sight, and innovative strategies for catching malicious bots.

View Now
Case Studies
Zoosk: Preventing ATOs and Romance Fraud

Discover how Zoosk eliminated romance fraud by preventing ATOs targeting the mobile APIs.

Read More

Bot Defense SaaS Free Trial

Start preventing fraud caused by account takeover attacks and API business logic abuse now.

Bot Defense SaaS