We have been conducting ongoing research on the dynamics of credential theft. Our intent was to learn about how accounts are being taken over once credentials are compromised through a Phishing campaign. It is a "victim's POV" approach to Phishing research that has not been taken to date.
In our "beyond takeover" research, we maintained 57 fake identities through a period of 6 months in platforms well-known as phishing targets like Google and Facebook. We invited attackers in by admitting the credentials of these accounts to selected phishing campaigns and traced the activity of the attackers in the accounts.
In this session, we will share our findings from this research. We will present takeover stories and some statistics for interesting questions. After falling into a phishing trap and giving one's password to a fake site, how long does is take until someone will actually get into his or her account for the first time? What does the attacker look for in the hacked account? Where do they look first and which decoys attract their attention? Which security practices do attackers use when sniffing out a hacked account (hiding their geo-location or covering their tr