In Miami, Florida, cybersecurity analyst Laura Bennett is investigating unauthorized access incidents affecting Sunshine Credit Union’s online banking platform. Audit logs reveal that compromised accounts consistently involve users who accessed the portal through specially crafted links sent via email.
The links direct victims to the legitimate website, where they proceed to authenticate successfully. Shortly afterward, unauthorized access to the same accounts is observed without any additional credential guessing or brute-force activity.
Further examination shows that a value associated with the user’s interaction with the application remains unchanged throughout the authentication process and can be introduced before the user completes sign-in.
Which countermeasure should Laura implement to prevent this type of account takeover?