ATTACKS OVERVIEW

Attackers walk through the front door by acting like real users

Criminals masquerade as customers by co-opting real behavior, devices and even identities

Real Behavior: Attackers simulate entire populations of users with genuine human characteristics to conduct fraud at scale. For example, to test out thousands of stolen credit cards for validity, an attacker may record a genuine human session with the application, with real mouse-movements, key strokes, timing, etc., and then replay that interaction thousands of times.

Real Devices: Attackers hijack devices via malware and pretend to be the device owners. For example, an attacker may use man-in-the-browser malware to divert funds after a victim has successfully logged into her own bank account via MFA.

Real Identities: Attackers steal pieces of real people’s identities, to pass themselves off as those customers online. For example, an attacker may steal a username and password to hijack a user’s online account or use a social security number to commit identity fraud.

Credential Stuffing
Credential
Stuffing
Credential stuffing attacks are responsible for account takeover (ATO).
Fake Accounts
Fake
Accounts
Bad actors use fake accounts to commit financially-motivated attacks such as reward abuse on retail sites and money laundering via online banking.
Credit Application Fraud
Credit Application Fraud
Attackers use stolen personally identifiable information (PII) to open an account in another person’s name.
Gift Card Cracking
Gift Card
Cracking
Attackers check millions of gift card number variations on a gift card balance lookup application to identify card numbers that hold value.
Scraping
Scraping

Attackers use automated tools to collect large amounts of data from a target application in order to reuse that data elsewhere.
Application DDoS
Application DDoS
Application DDoS is used by attackers to cause login problems, search timeouts, or unexplained database failures.
Aggregator Threat Surface
Aggregator Threat Surface
Financial aggregators create unintended risks for the financial institutions from which they source consumer data.

You used a Shape-protected Application 10 times This Week

Shape protects over 4 Billion transactions per week from imitation attacks on behalf of the world’s largest companies. So when you search for flights online, check your bank balance on your phone, or order clothes via Alexa, chances are, Shape protected that experience.

Shape Defense™

AI-powered web and mobile fraud protection for organizations of all sizes.

Shape Enterprise Defense™

Comprehensive, bespoke implementation and web and mobile fraud protection.

Blackfish™

Proactive user credential defense.

Shape Device ID™

Solution to identify online visitors and enhance fraud decisioning.

API DEFENSE™

Visibility and mitigation options to protect HTTP-based APIs.

MANUAL-ATTACK DEFENSE™

Protection against manual labor farm attacks on web applications.

You used a Shape-protected application 10 times this week

Shape protects over 4 Billion transactions per week from imitation attacks on behalf of the world’s largest companies. So when you search for flights online, check your bank balance on your phone, or order clothes via Alexa, chances are, Shape protected that experience.

SHAPE ENTERPRISE DEFENSE

Mitigates automated attacks on web and mobile applications.
Learn More

BLACKFISH

Alerts enterprises when users’ credentials have been compromised, proactively preventing account takeovers.
Learn More