- 27 Apr 2023
- Updated on 27 Apr 2023
Account Defender protects your online resources from two types of threats.
An attacker uses credentials (or a stolen token/cookie) to log into a legitimate user’s account.
After logging in, the attacker will try to take control over the account permanently by changing some of the account settings.
Once the attacker has control, they will conduct fraudulent actions.
The flow of actions will likely be as follows:
- Change account email
- Change account password
- Change home address
- Disable Multi-Factor Authentication (MFA) or notifications
- Perform a fraudulent action (e.g., withdraw funds, purchase items, transfer credits, send spam)
- Repeat fraudulent action until the account has no more value
Fake Account Creation
An attacker creates multiple accounts in order to abuse some part of the system.
For every new account, the attacker will perform fraudulent actions to maximize the stolen value.
For example, the attacker may:
- Download paid content
- Redeem new user voucher (or free time period)
- Send spam
- Post fraudulent action, the account will usually be abandoned