SpyCloud Session Identity Protection prevents fraud from compromised web sessions
SpyCloud launched Session Identity Protection, a transformative early warning system designed to prevent trusted user fraud, one of the hardest forms of fraud to detect.
The new offering is powered by SpyCloud’s malware intelligence, which surfaces credentials and session tokens stolen from consumers by prevalent infostealers.
Existing anti-fraud solutions offer a fragmented overview of user activity, often designed to determine if a user is a bot or a human. Session Identity Protection, however, is the only solution to expand on standard fraud and browser checks to identify consumers whose session or trusted device cookies have been compromised or collected by malware. This allows tech firms, financial services companies, and retailers to mitigate the risk of hijacked sessions by giving organizations more comprehensive visibility into an untouched area of at-risk and exposed consumers.
“There are virtually no indicators that differentiate a legitimate user from a criminal using an anti-detect browser and stolen session cookie data. They look nearly identical, down to their geofenced IP, browser version, OS version, and even screen resolution,” said Jacob Wagh, Senior Product Manager at SpyCloud. “In some cases, analysis of SpyCloud’s database of recaptured breach and botnet data shows stolen session cookie data indicating a risk of fraud before the credentials connected to an associated account have even been compromised.”
Threat actors using stolen credentials often face the challenge of bypassing multifactor authentication (MFA), device ID checks, and newer browser fingerprinting anti-fraud technologies. However, in recent years, criminals have learned how to bypass these protections by relying on “anti-detect” browsers that can emulate a legitimate user’s trusted device and browser fingerprint. These tools are powered by a constant stream of malware infections that steal credentials, session cookies and other browser data – all available for sale on the dark web.
Trusted user fraud is one of the hardest forms of fraud to detect because it allows criminals to mimic legitimate users that have been compromised by malware. By accessing active…