Account takeover is considered one of the more harmful and nefarious ways to access a user’s account. The attacker typically poses as a genuine customer, user or employee, eventually gaining entry to the accounts of the individual they’re impersonating.
An advanced persistent threat (APT) is a highly advanced, covert threat on a computer system or network where an unauthorized user manages to break in, avoid detection and obtain information for business or political motives.
Compromised credentials are a password, key or other identifier that has been discovered and can be used by a threat actor to gain unauthorized access to information and resources. The exposure can range from a single account to an entire database.
A credential stuffing attack is one in which criminals use stolen account credentials to access additional accounts by automating thousands or millions of login requests directed against your web application.
Cross-site request forgery (CSRF): CSRFs occur when an attacker tricks or forces an end user to execute unwanted actions on an application in which they are already authenticated. This might be executed through a link via email or chat and, if successful, can result in a transfer of funds or change in email address, for example.
A Pass the Hash attack is a technique whereby an attacker captures a password hash (as opposed to the password characters) and then simply passes it through for authentication and potentially lateral access to other networked systems.
This attack, also known as directory traversal, allows the bad actor to manipulate paths to folders outside the web root folder, which can then be used to access web application files, directories and commands.
Smishing is a type of fraud that happens through text. Scammers impersonate organizations to steal your personal information or money, often by sending links designed to download malware to your device.
Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.