Identity theft and account takeover: attacks and protective measures
How attackers take over accounts and misuse identities: credential stuffing, password spraying, SIM swapping, and MFA bypass techniques. Protective measures for businesses using Microsoft Sentinel, Conditional Access, and FIDO2.
Summary: Account takeover (ATO) refers to the unauthorized takeover of user accounts by attackers. Attack vectors: credential stuffing (leaked passwords), brute force, phishing/MFA bypass, session hijacking, password reset vulnerabilities, and SIM swapping. ATO is the starting point for fraud, data breaches, and privilege escalation. Detection: impossible travel, device fingerprinting anomalies, velocity checks.
Sources & References
Questions about this topic?
Our experts advise you free of charge and without obligation.
About the Author
M.Sc. Internet-Sicherheit (if(is), Westfälische Hochschule). COO und Prokurist mit Expertise in Informationssicherheitsberatung und Security Awareness. Nachwuchsprofessor für Cyber Security an der FOM Hochschule, CISO-Referent bei der isits AG und Promovend am Graduierteninstitut NRW.
11 Publikationen
- Understanding Regional Filter Lists: Efficacy and Impact (2025)
- Privacy from 5 PM to 6 AM: Tracking and Transparency Mechanisms in the HbbTV Ecosystem (2025)
- A Platform for Physiological and Behavioral Security (2025)
- Different Seas, Different Phishes - Large-Scale Analysis of Phishing Simulations Across Different Industries (2025)
- Exploring the Effects of Cybersecurity Awareness and Decision-Making Under Risk (2024)
- Sharing is Caring: Towards Analyzing Attack Surfaces on Shared Hosting Providers (2024)
- On the Similarity of Web Measurements Under Different Experimental Setups (2023)
- People, Processes, Technology - The Cybersecurity Triad (2023)
- Social Media Scraper im Einsatz (2021)
- Digital Risk Management (DRM) (2020)
- New Work - Die Herausforderungen eines modernen ISMS (2024)
