SpyCloud launched Session Identity Protection, a technology dedicated to preventing trusted user fraud, which is one of the most difficult types of fraud to identify. The new solution surfaces credentials and session tokens taken from users by common infostealers and is driven by malware intelligence from SpyCloud, the leader in account takeover and fraud protection.
Trusted user fraud is the most challenging fraud to detect because it allows violators to impersonate existing users who have been hacked by ransomware. By accessing active sessions through ‘remember me’ options, fraudsters can avoid the points of authentication where they are most likely to be detected.
SpyCloud’s Senior Product Manager, Jacob Wagh, said, “There are virtually no indicators that differentiate a legitimate user from a criminal using an anti-detect browser and stolen session cookie data. They look nearly identical, down to their geofenced IP, browser version, OS version, and even screen resolution. In some cases, analysis of SpyCloud’s database of recaptured breach and botnet data shows stolen session cookie data indicating a risk of fraud before the credentials connected to an associated account have even been compromised.”
Session Identity Protection is the only way to go beyond conventional fraud and browser checks to identify customers whose session or trusted device cookies have been hacked or captured by malware. It allows internet companies, financial services corporations, and retailers to reduce the danger of hijacked sessions by providing a more comprehensive view of at-risk and exposed customers.
Multifactor authentication (MFA), device ID checks, and newer browser fingerprinting anti-fraud measures are frequently bypassed by threat actors using stolen credentials. Fraudsters have learned how to get around these measures in recent years by using “anti-detect” browsers that may imitate a legitimate user’s trusted device and browser fingerprint. These tools are driven by a never-ending stream of malware infections that capture credentials, session cookies, and other browser data, all of which are available for purchase on the dark web.