Email Account Takeover Protection: Detect the Signs of MFA Bypass in Compromised Accounts

Abnormal now detects suspicious MFA device registrations to help identify and stop attackers trying to maintain access through MFA bypass.

October 31, 2023

Enhancement

Account Takeover Protection

Many recent, high-profile attacks have involved MFA bypass tactics such as session hijacking or MFA Fatigue. Attackers wanting to maintain a foothold in a compromised account will often bypass or manipulate MFA then socially engineer their way into registering a new MFA device.

To help detect and combat these tactics, we have added new signals to our Account Takeover Protection solution. Abnormal can now detect suspicious device registration that could indicate an attacker has manipulated the account and may be attempting to establish persistence.

Learn more about MFA bypass and how to stop it in this blog.

Get the Latest Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.