Handcrafted Fraud and Extortion: Manual Account Hijacking in the Wild
Venue
IMC '14 Proceedings of the 2014 Conference on Internet Measurement Conference, ACM, 1600 Amphitheatre Parkway, pp. 347-358
Publication Year
2014
Authors
Elie Bursztein, Borbala Benko, Daniel Margolis, Tadek Pietraszek, Andy Archer, Allan Aquino, Andreas Pitsillidis, Stefan Savage
Abstract
Online accounts are inherently valuable resources---both for the data they contain
and the reputation they accrue over time. Unsurprisingly, this value drives
criminals to steal, or hijack, such accounts. In this paper we focus on manual
account hijacking---account hijacking performed manually by humans instead of
botnets. We describe the details of the hijacking workflow: the attack vectors, the
exploitation phase, and post-hijacking remediation. Finally we share, as a large
online company, which defense strategies we found effective to curb manual
hijacking.