SpyCloud Launches Solution to Prevent ATO Fraud Caused by Session Hijacking
SpyCloud, the leader in account takeover and fraud prevention, announced the launch of Session Identity Protection, a transformative early warning system designed to prevent trusted user fraud, one of the hardest forms of fraud to detect. This solution helps enterprises protect malware-infected users from ATO and fraud due to session hijacking.
When consumers or employees use malware-infected devices, bad actors can access everything they need to be virtually indistinguishable from their victims, making it difficult to detect account takeover and online fraud until it’s too late.
Session Hijacking (or Cookie Hijacking) 101
Trick user into clicking on a dangerous link or downloading a malicious attachment to infect their device with malware.
The malware siphons all manner of data from the infected device, including credentials, autofill info, and web session cookies.
Use a stolen session cookie to authenticate as the user – without the need for a username and password – bypassing fraud controls including MFA.
SpyCloud Session Identity Protection
SpyCloud Session Identity Protection helps enterprises identify vulnerable users early by providing visibility of their malware-stolen session and device cookies so they can invalidate compromised browser sessions that allow bad actors to bypass MFA.
“There are virtually no indicators that differentiate a legitimate user from a criminal using an anti-detect browser and stolen session cookie data,” said Jacob Wagh, Senior Product Manager at SpyCloud. “SpyCloud’s database of recaptured breach and botnet data shows stolen session cookie data indicating a risk of fraud before the credentials connected to an associated account have even been compromised.”
Session Identity Protection gives enterprises access to stolen session data for their domain as well as third-party workforce service domains (i.e. mycompany.okta.com), so they can address this type of fraud proactively. When companies query the Session Identity Protection API, SpyCloud returns compromised cookie data associated with these domains that puts their users at risk, including the information they need to identify which accounts are vulnerable and determine how to intervene.
Even expired cookies matter: enterprises can also flag users with known compromised devices for future logins or transactions, even if the session has already expired.
Using the recaptured data provided by SpyCloud, enterprises can:
Protect high-value accounts from bad actors using stolen cookies to mimic trusted devices and sidestep MFA
Invalidate active sessions identified by a compromised cookie
Proactively reach out to high-value consumers and build trust
Flag vulnerable accounts with known compromised devices for increased scrutiny of future logins/transactions (regardless of cookie expiration time)
To learn more about Session Identity Protection, book time with our team:
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.