Authentication Fraud
What is it and how can we defend against it?
Authentication Fraud occurs when attackers bypass or exploit authentication systems to gain unauthorised access to accounts, systems, or resources by impersonating legitimate users.
It underpins many cyberattacks: an attacker holding valid credentials or a valid session looks like the real user, so their activity blends into normal traffic and can go undetected for a long time.
Common methods:
- Credential theft: Stealing usernames and passwords through phishing, data breaches, or keyloggers
- Brute force attacks: Systematically guessing passwords for an account until one works
- Session hijacking: Stealing an active session cookie or token, so the attacker is already "logged in" and never has to pass the login step at all (including MFA)
- Man-in-the-middle attacks: Intercepting credentials or tokens in transit, for example on an untrusted network or through a proxy that relays a live login and captures the resulting session
- SIM swapping: Taking over a victim's phone number so that SMS-based two-factor codes are delivered to the attacker
- Credential stuffing: Replaying username/password pairs leaked from one breach against other services, which works because many people reuse passwords
Emerging threats:
- Deepfake audio and video used to defeat voice and face biometric authentication
- AI-generated phishing messages and cloned login pages that are harder to tell from the real thing
- OAuth token theft and abuse, including consent phishing, where a user is tricked into granting a malicious application access to their account
Prevention:
- Multi-factor authentication (MFA), preferably phishing-resistant methods such as FIDO2/WebAuthn security keys or passkeys; authenticator apps are a reasonable fallback, while SMS codes are the weakest option because SIM swapping defeats them
- Strong, unique passwords managed with a password manager, so that one breached password cannot be stuffed into other accounts
- Passwordless authentication (passkeys/WebAuthn), which removes the password as something to phish, guess, or replay
- Monitoring for suspicious login attempts: repeated failures on one account, many different accounts tried from one source, and logins from new devices or locations, with rate limiting or lockout when thresholds are crossed
- Regular security awareness training
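As an added example (not code from the original article), the following Python script shows what "monitoring for suspicious login attempts" looks like in practice against two of the methods listed above: brute force (one account, many failures from one source) and credential stuffing (one source cycling through many accounts). The log format, the thresholds, the IP addresses, the usernames, and the sample log lines are all constructed assumptions for illustration.

```python
"""Flag brute-force and credential-stuffing patterns in authentication logs.

Added example for this article, not code from the original page. The log
format, the thresholds and the sample lines below are constructed assumptions.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed sliding detection window
BRUTE_FORCE_FAILS = 5           # assumed: >=5 failures on one account from one IP
STUFFING_DISTINCT_USERS = 4     # assumed: >=4 distinct accounts tried from one IP

# Constructed sample log. Assumed format: "<ISO timestamp> <source ip> <user> <OK|FAIL>"
SAMPLE_LOG = """
2024-05-01T10:00:01 203.0.113.5 alice FAIL
2024-05-01T10:00:03 203.0.113.5 alice FAIL
2024-05-01T10:00:04 203.0.113.5 alice FAIL
2024-05-01T10:00:06 203.0.113.5 alice FAIL
2024-05-01T10:00:09 203.0.113.5 alice FAIL
2024-05-01T10:01:10 192.0.2.9 alice FAIL
2024-05-01T10:01:20 192.0.2.9 alice OK
2024-05-01T10:02:00 198.51.100.7 bob FAIL
2024-05-01T10:02:01 198.51.100.7 carol FAIL
2024-05-01T10:02:02 198.51.100.7 dave FAIL
2024-05-01T10:02:03 198.51.100.7 erin OK
2024-05-01T10:02:04 198.51.100.7 frank FAIL
"""


@dataclass(frozen=True)
class LoginEvent:
    ts: datetime
    ip: str
    user: str
    success: bool


def parse_log(text: str) -> list[LoginEvent]:
    """Parse the assumed log format into events sorted by timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        events.append(LoginEvent(datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events, key=lambda e: e.ts)


def detect(events: list[LoginEvent]) -> list[dict]:
    """Single pass with per-key sliding windows; each rule fires once per key."""
    fails = defaultdict(deque)      # (ip, user) -> failure timestamps inside the window
    attempts = defaultdict(deque)   # ip -> (timestamp, user) inside the window
    successes = defaultdict(set)    # ip -> accounts that authenticated from it
    alerts, fired = [], set()

    for e in events:
        if e.success:
            successes[e.ip].add(e.user)
        else:
            # Brute force: one account hammered from one source.
            q = fails[(e.ip, e.user)]
            q.append(e.ts)
            while e.ts - q[0] > WINDOW:
                q.popleft()
            if len(q) >= BRUTE_FORCE_FAILS and ("brute", e.ip, e.user) not in fired:
                fired.add(("brute", e.ip, e.user))
                alerts.append({"rule": "brute_force", "ip": e.ip,
                               "user": e.user, "failures": len(q)})

        # Credential stuffing: one source cycling through many accounts, usually
        # one or two tries each, so a per-account failure counter never trips.
        q = attempts[e.ip]
        q.append((e.ts, e.user))
        while e.ts - q[0][0] > WINDOW:
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= STUFFING_DISTINCT_USERS and ("stuff", e.ip) not in fired:
            fired.add(("stuff", e.ip))
            alerts.append({"rule": "credential_stuffing", "ip": e.ip,
                           "distinct_users": len(users)})

    # Any account that authenticated from a stuffing source anywhere in the log
    # is a likely reused password: list it so it can be reset and its sessions revoked.
    for a in alerts:
        if a["rule"] == "credential_stuffing":
            a["compromised"] = sorted(successes[a["ip"]])
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_log(SAMPLE_LOG)):
        print(alert)
```

The two rules key on different things on purpose: brute force is visible per account, while credential stuffing is only visible per source, because each stolen pair is tried once. The legitimate user at 192.0.2.9 who mistypes once and then succeeds trips neither rule, and the one account that did accept a stuffed password is surfaced as the item that actually needs a response.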