| Account Takeover | ATO | Unauthorized access or attempts to compromise existing customer accounts such as credential stuffing, account takeover attempts, and account security changes. | Password changes, account information changes, multifactor authentication attempts or changes, notification preference changes |
| Withdrawal | ATO | Attempts to transfer, withdraw, redeem, or access funds, balances, credits, rewards, or other stored value from an account. | Transaction attempts, balance inquiries |
| Scalping/Hoarding | FA | Creating or operating accounts to acquire limited-availability inventory, products, or services for resale or stockpiling. | Cart or purchase-related actions |
| Mass account creation | FA | Creating large numbers of accounts for abuse, automation, or fraudulent activity. | Registration and authentication attempts |
| Boosting | FA | Artificially inflating ratings, reviews, referrals, engagement, reputation, or other platform metrics. | Referral-related or review-related transactions |
| Scraping/Inventory | FA | Collecting content, pricing, inventory, or other data in an automated or abusive manner. | Product or inventory searches |
| Carding | ATO/FA | Validating, testing, or abusing payment cards, gift cards, or other payment instruments. | Card or gift card-related transactions |
| Spamming | ATO/FA | Sending unsolicited, fraudulent, or abusive messages through platform communication features. | Messaging or notification-related actions |
| Payment | ATO/FA | Abuse involving payment-related actions, payment methods, stored payment instruments, or financial transactions. | Payment method changes, transaction attempts |
| Checkout/Promotion | ATO/FA | Abuse of checkout flows, discounts, promotions, coupons, loyalty programs, or purchase incentives. | Checkout-related actions, coupon or promotion usage |
| Referral | ATO/FA | Abuse of referral programs, referral credits, referral rewards, or invitation incentives. | Referral-related actions |
| Default ATO | ATO | Default attack pattern for unauthorized access or attempts to compromise existing customer accounts. | Any sensitive transaction without a configured use case |
| Default FA | FA | Default attack pattern for fake accounts or fraudulent activity. | Any sensitive transaction without a configured use case |
| Custom | ATO/FA | Custom attack pattern for unique business flows or specialized use cases. | Any sensitive transaction without a configured use case |