Risk Triggers & Attack Patterns

Risk Triggers

Risk Triggers are Account Defender classifications that describe the source of suspicious activity.

Risk TriggerDescriptionExamples
DeviceAnomalies related to the device being used by a particular user, including device fingerprints, device environments, and cookies
  • Multiple users logging in with the same device fingerprint or cookie
  • A single user logging in from an anomalous device fingerprint
NetworkAnomalies associated with network identifiers from where the user makes a connection
  • Multiple users logging in with the same IP
  • Evidence of proxying
  • Users logging in from anomalous ASNs
LocationAnomalies associated with the location of the user
  • A single user logging in from two different countries within a short time period
BehaviorGeneral anomalies in the behavior and visitation patterns of a user
  • A single user or group of users with abnormally high volume of traffic
  • Users visiting paths through an invalid flow

Attack Patterns

Attack Patterns are Account Defender classifications that describe the attack scenario and the business context of the attack. In most cases, Account Defender assigns values based on the sensitive transaction involved in the detected activity. For example, malicious activity on a card-related sensitive transaction may be classified as carding. Meanwhile, malicious activity detected on a referral-related sensitive transaction may be classified as referral. Patterns can help you:

  • Better understand incidents during investigations
  • Identify common attack trends
  • Create and tune Policy Rules
  • Improve operational reporting and alerting

The following table shows all possible Attack Patterns, but only certain Patterns appear in your HUMAN dashboard based on your configured sensitive routes and unique use cases.

Attack PatternAttack TypeDescriptionExamples
Account TakeoverATOUnauthorized access or attempts to compromise existing customer accounts such as credential stuffing, account takeover attempts, and account security changes.Password changes, account information changes, multifactor authentication attempts or changes, notification preference changes
WithdrawalATOAttempts to transfer, withdraw, redeem, or access funds, balances, credits, rewards, or other stored value from an account.Transaction attempts, balance inquiries
Scalping/HoardingFACreating or operating accounts to acquire limited-availability inventory, products, or services for resale or stockpiling.Cart or purchase-related actions
Mass account creationFACreating large numbers of accounts for abuse, automation, or fraudulent activity.Registration and authentication attempts
BoostingFAArtificially inflating ratings, reviews, referrals, engagement, reputation, or other platform metrics.Referral-related or review-related transactions
Scraping/InventoryFACollecting content, pricing, inventory, or other data in an automated or abusive manner.Product or inventory searches
CardingATO/FAValidating, testing, or abusing payment cards, gift cards, or other payment instruments.Card or gift card-related transactions
SpammingATO/FASending unsolicited, fraudulent, or abusive messages through platform communication features.Messaging or notification-related actions
PaymentATO/FAAbuse involving payment-related actions, payment methods, stored payment instruments, or financial transactions.Payment method changes, transaction attempts
Checkout/PromotionATO/FAAbuse of checkout flows, discounts, promotions, coupons, loyalty programs, or purchase incentives.Checkout-related actions, coupon or promotion usage
ReferralATO/FAAbuse of referral programs, referral credits, referral rewards, or invitation incentives.Referral-related actions
Default ATOATODefault attack pattern for unauthorized access or attempts to compromise existing customer accounts.Any sensitive transaction without a configured use case
Default FAFADefault attack pattern for fake accounts or fraudulent activity.Any sensitive transaction without a configured use case
CustomATO/FACustom attack pattern for unique business flows or specialized use cases.Any sensitive transaction without a configured use case