Protection site

SpyCloud Session Identity Protection prevents fraud of compromised web sessions

SpyCloud launched Session Identity Protection, a transformative early warning system designed to prevent trusted user fraud, one of the most difficult forms of fraud to detect.

The new offering is powered by SpyCloud’s malware intelligence, which reveals credentials and session tokens stolen from consumers by prevalent info thieves.

Existing anti-fraud solutions provide a fragmented overview of user activity, often designed to determine whether a user is a bot or a human. Session Identity Protection, however, is the only solution to extend standard fraud and browser checks to identify consumers whose session or trusted device cookies have been compromised or collected by malware. This enables technology companies, financial services companies, and retailers to mitigate the risk of hijacked sessions by giving organizations more complete visibility into an intact zone of at-risk and exposed consumers.

“There are hardly any indicators that differentiate a legitimate user from a criminal using anti-detection browser and stolen session cookie data. They look almost identical, down to their geo-fenced IP address, the version browser, operating system version and even screen resolution,” said Jacob Wagh, Senior Product Manager at SpyCloud. “In some cases, SpyCloud’s database analysis of the data Recovered breach and botnet data shows stolen session cookie data indicating a risk of fraud even before credentials logged into an associated account were compromised.”

Threat actors using stolen credentials often face the challenge of circumventing multi-factor authentication (MFA), device ID checks, and new browser fingerprint anti-fraud technologies. However, in recent years, criminals have learned to circumvent these protections by relying on “anti-detection” browsers capable of emulating a legitimate user’s trusted device and browser fingerprint. These tools are powered by a steady stream of malware infections that steal credentials, session cookies, and other browser data, all available for sale on the dark web.

Trusted user fraud is one of the most difficult forms of fraud to detect, as it allows criminals to impersonate legitimate users who have been compromised by malware. By accessing active sessions through common “remember me” functions, criminals can bypass authentication points where they are most at risk of detection.

SpyCloud Session Identity Protection helps prevent trusted user fraud by providing:

  • Alert users to active malware infections early – sometimes long before their credentials on a site are even stolen, allowing customers to proactively reach out to high-value consumers and build trust .
  • The ability to identify and invalidate any active sessions identified by a compromised cookie or consumers infected with malware such as RedLine Stealer and other insidious information stealers.
  • Protection against attackers using stolen cookies to impersonate trusted devices for high value accounts.
  • The ability to flag user accounts with known compromised devices for further review of future logins and transactions (regardless of cookie expiration time).