I would like to share insights about some clients that have experienced advanced attacks and ways to mitigate them.<p>Online fraudsters copied the platform and set up a fake login page. Then, by collecting and using the email base of the merchant of this platform, they sent an email campaign targeting merchants with a link to log in on the fake webpage to collect legitimate credentials and reuse them to gain access to the original platform.<p>Scammers use several residential IP addresses to access leaked credentials, and by using our online fraud protection platform, it was easy to detect suspicious login attempts, block attackers, and take forensic measures to evaluate the scope of the breach and mitigate the associated risks. Most importantly, the online platform didn't need to reset credentials for all merchants accounts.<p>As all described features needed to protect online platforms from such type of attacks are available in our open-sourced version, I believe link to Github should not be considered an advertisement.<p>[1] https://www.github.com/tirrenotechnologies/tirreno