chat
expand_more

Email Account Takeover Protection: Detect the Signs of MFA Bypass in Compromised Accounts

Abnormal now detects suspicious MFA device registrations to help identify and stop attackers trying to maintain access through MFA bypass.
October 31, 2023
Enhancement
Account Takeover Protection

Many recent, high-profile attacks have involved MFA bypass tactics such as session hijacking or MFA Fatigue. Attackers wanting to maintain a foothold in a compromised account will often bypass or manipulate MFA then socially engineer their way into registering a new MFA device.

To help detect and combat these tactics, we have added new signals to our Account Takeover Protection solution. Abnormal can now detect suspicious device registration that could indicate an attacker has manipulated the account and may be attempting to establish persistence.

Get the Latest Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.