The imposter in the session: Volume 1
The Hub and the Hive
Uncover an account takeover invasion in action
Fraud rings operate like the businesses they attack — structured, strategic and efficient. Individual imposters collaborate, each playing a defined role: some scout targets and tailor attack plans, others test stolen data and pass verified credentials to specialists who monetize attacks.
These coordinated rings are a driving force behind account takeover (ATO) fraud. Last year alone, ATO losses hit $16 billion, and attacks grew 24% year-over-year. By creating and distributing “how-to guides” that outline the steps to executing attacks — and sometimes even include stolen credentials to take over accounts — fraud rings’ efforts scale rapidly.
Using real, anonymized account takeover attacks, this report series exposes what fraud rings’ playbooks look like in action — and how to stop coordinated attacks in their entirety.
In this edition:
We uncover a fraud ring targeting a leading peer-to-peer payments provider. What looked like a routine login quickly turned out to be an imposter, part of a coordinated invasion involving multiple fraudsters and over 20 compromised accounts.
Inside, you’ll see:
- How this fraud ring was organized to maximize efficiency, including the roles of each member and the playbook the ring followed
- The signals that revealed a ring in motion
- The keys to stopping a coordinated ATO attack at its source
Download the report
Download the report now and uncover one fraud ring’s ATO playbook — and how to stop similar invasions before they scale.