
Account Takeover Demo 3 - Appearing Better – Using Fake Accounts to Improve Reputation

Heather Howland
VP of Marketing

Attackers have started registering and using fake "canary" accounts to build up the reputation of the IP addresses they plan to use in account takeover attacks. These accounts give an attacker a window into the site or service they are targeting and help them make vital adjustments that drastically improve the overall effectiveness of their attacks.

This demo shows a large-scale attack that uses tens of thousands of IPs to attempt to log in to the accounts of thousands of users. Much of the attack traffic comes from fake accounts. The attacker uses these accounts to figure out the site's blacklists, rate limiting rules, and IP reputation policies so that they can stay below thresholds and off the radar. Ultimately, if Castle hadn't been there, this attack would have successfully used the credentials of more than 1600 users to log in and steal sensitive data, transfer money, or disrupt services.
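To show why canary logins inflate a success-ratio IP reputation and how a defender can discount them, here is an added detection sketch that is not Castle's code or part of the original page. The event layout, the 30-day account-age cutoff, and the failed-target threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (ip, account, success, account_age_days).
# 203.0.113.7 mixes logins to fresh accounts with failures on other users;
# 198.51.100.20 is an ordinary household with one mistyped password.
EVENTS = [
    ("203.0.113.7", "canary1", True, 2),
    ("203.0.113.7", "canary2", True, 1),
    ("203.0.113.7", "canary1", True, 2),
    ("203.0.113.7", "alice", False, 900),
    ("203.0.113.7", "bob", False, 450),
    ("203.0.113.7", "canary2", True, 1),
    ("198.51.100.20", "carol", False, 700),
    ("198.51.100.20", "carol", True, 700),
    ("198.51.100.20", "dave", True, 365),
]

MIN_AGE_DAYS = 30       # assumed cutoff: younger accounts earn no reputation
MAX_FAILED_TARGETS = 1  # assumed cutoff: distinct accounts failed per IP

def naive_reputation(events):
    """Success ratio per IP; every successful login counts."""
    ok, total = defaultdict(int), defaultdict(int)
    for ip, _acct, success, _age in events:
        total[ip] += 1
        ok[ip] += success
    return {ip: ok[ip] / total[ip] for ip in total}

def age_weighted_reputation(events, min_age=MIN_AGE_DAYS):
    """Success ratio per IP, crediting only logins to established accounts."""
    ok, total = defaultdict(int), defaultdict(int)
    for ip, _acct, success, age in events:
        total[ip] += 1
        ok[ip] += success and age >= min_age
    return {ip: ok[ip] / total[ip] for ip in total}

def canary_suspects(events, min_age=MIN_AGE_DAYS, max_targets=MAX_FAILED_TARGETS):
    """IPs that succeed only on young accounts while failing on several others."""
    young_ok, old_ok, failed = defaultdict(set), defaultdict(set), defaultdict(set)
    for ip, acct, success, age in events:
        if not success:
            failed[ip].add(acct)
        elif age < min_age:
            young_ok[ip].add(acct)
        else:
            old_ok[ip].add(acct)
    return sorted(ip for ip in young_ok
                  if not old_ok[ip] and len(failed[ip]) > max_targets)
```

On the constructed data, the naive score rates the canary-padded IP the same as the household IP, while the age-weighted score drops it to zero and `canary_suspects` flags it.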

This video visualizes the second tactic in our four-part blog series on account takeover attack methods and mitigation capabilities. Read the blog post: How Acting Like Your Neighbor Helps Attackers Perpetrate Account Takeover Attacks