Account Takeovers (ATO), also known as Credential Stuffing is the practice of gaining illegitimate access to user accounts in an automated manner using stolen user credentials, infrastructure such as a Bulletproof Proxy, and an attack management toolkit. Successful account takeovers result in validated credentials that are either resold or used for a secondary attack, such as romance scam, funds transfer or loyalty points theft. Examples of ATOs and their secondary attacks are shown below.
Account Takeover and Romance Fraud
In the case of Zoosk, a dating application, bad actors executed an ATO against the mobile app API. The stolen account was then used to establish a romantic relationship with another Zoosk user and, as the relationship blossomed, the bad actor requested money due to a sudden death or illness in the family. The unsuspecting user gave the money to the bad actor, who was never to be seen again. Prior to implementing Cequence, romance scams at Zoosk averaged $12,000 with each occurrence. Now they are virtually eliminated, resulting in increased user confidence and strengthened brand awareness.
Image 1: Bad actors execute ATOs that then resulted in romance scams at Zoosk.