Fraud Management & Cybercrime , Social Engineering
How Account Takeovers Subvert Victims' Social Networks
Agari's Markus Jakobsson Describes Account Takeover DefensesPhishing attacks, spoofing someone's email address or phone number, and running CEO fraud scams - aka business email compromise - are typically not technically sophisticated attacks. But attackers rarely bother with technical sophistication when easy social engineering schemes, such as "hacking" a victim's social network and using it against them, can give them what they want, says Markus Jakobsson, chief scientist at the cybersecurity firm Agari.
See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware
And it should come as no surprise, he says, that account takeover attacks, in particular, have been increasing as attackers double down on low-cost, high-impact strategies for perpetrating fraud.
In a video interview at RSA Conference 2018, Jakobsson discusses:
- The rise of account takeover incidents;
- Why attackers favor account takeovers;
- Examples of how these attacks are launched and why they can be so successful.
Jakobsson is chief scientist at Agari, CTO of ZapFraud and a technical advisory board member for Stealth Security. He has more than 20 years of experience as a security researcher and scientist studying phishing, crimeware and mobile security at such organizations as PayPal, Palo Alto Research Center - PARC - and RSA Security.