Stop Account Takeover with Defend
The real threat of account takeover attacks
131%
increase in account takeover attacks in the first six months of 2022
70%
of compromised passwords are still being used
60%
of account takeover victims use the same password for multiple online accounts
ATO is rapidly increasing
Account takeover is a formidable threat to organizations because once an attacker has a user's credentials, they're easily able to exacerbate their damage.
Traditional signature- and rule-based detection methods can't stop them, because any emails that threat actors are sending from the hijacked account are coming from a legitimate source with a network of trusted relationships.
Between 2020 and 2021, there has been nearly a 90% increase in account takeover, costing an estimated $11.4B annually.
- 2022 Identity Fraud survey by Javelin Strategy and Research
Intelligent detection of phishing attacks from compromised accounts
1. Brand impersonation. Attackers will often impersonate well-known brands, like Microsoft, to increase their likelihood of tricking the user. Defend treats emails like this as highly suspicious.2. Natural language processing to detect credential theft. Defend analyzes emails for signals of potential credential theft. Password reset emails are often used to scrape a user’s credentials for account takeover.
3. URL scanning. The URL appears innocent to the recipient. Defend performs URL inspection on delivery and point-of-click, detecting that it’s maliciously redirecting elsewhere.
We’re really pleased with Defend. We’re now detecting a broader range of advanced phishing threats, including BEC and impersonation attacks.
Kevin Orritt, Cyber Security Manager, GMMH
URL rewriting to stop employees visiting phishing websites
4. Time-of-click URL inspection. Defend performs time-of-click inspection to detect malicious URLs that are weaponized post-delivery. Here it shows the lookalike domain used by the threat actor.5. Link redirect analyzed. Our simple user interface explains that the link redirects after clicking to another suspicious webpage where the credential harvesting would take place.
6. Employees are blocked from visiting phishing websites. Even if your users miss all the warning signs, Defend will stop them from visiting the malicious site altogether, preventing the takeover.
Intelligent technology that's easy for users to understand
4. Linguistic analysis reveals anomalous content. Email structure and copy identifies it as a fax receipt notification, but this is the first time the recipient has received one.5. Blue alerts highlight the email's origins. Our blue banners let the recipient know they've received an external email from a new contact. Based on our analysis, a red warning is also added.
6. Red warning banner alerts user to real-time risk. As Defend has identified the email as a phish with a malicious payload, a red warning banner is dynamically added to alert the user.
Highlight the risks that matter
Reporting on threats such as attempted account takeover attacks in your email flows can be manual and slow. Even worse, systems can throw too much unnecessary information at you, making it harder to make timely and effective decisions.
KnowBe4's intelligence platform provides simplified dashboards and critical insights so that administrators can quickly cut through the noise, identify email security risks, and, where necessary, remediate them.
Actionable insights
Data and analytics should not overwhelm you with information. Augmented threat intelligence into supply chain health, attack types, and payload gives Security teams what they need to take decisive action that mitigates threats.
Our real-time threat feed offers insights and statistics into email details, type of attack, threat levels, authentication checks, communication history, and how your people interacted with the email.
