Account takeover (ATO) occurs when someone other than the authorized account holder gains access to that account data. A fraudster who takes over another person's account may cause damage by, e.g., changing the information in the profile of the legitimate owner, requesting money from the connections of the legitimate owner, sending out unauthorized invitations and spam, etc.
In order to detect and possibly prevent ATO, a defence system may be configured to automatically challenge suspicious login attempts with, e.g., using CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). One approach to detecting suspicious login attempts is to set a limit to the number of times that a login request originating from a certain IP address is accepted for processing during a period of time. For example, if the limit has been set to 1000 attempts during one hour, and if one thousand attempts has already been detected during one hour from the same IP address, a defence system may flag that IP address as a potential source of fraud and may automatically block any further login attempts from that IP address.
An IP address (Internet Protocol address) is used to identify computers on the Internet. An IP address is a 32-bit number subdivided into four bytes (four groups of eight bits or octets). The last number in the in IP address, e.g., number 155 in the IP address 204.132.40.155, is referred as the first octet for the purposes of this description. The binary equivalent of the IP address 204.132.40.155 is 11001100.10000100.00101000.10011011, its first octet is 10011011. An IP address is usually based on a real-world geographic location.
One example of a web-based service that may be subject to the threat of ATO is an on-line social network. An on-line social network may be viewed as a platform to connect people in virtual space. An on-line social network may be a web-based platform, such as, e.g., a social networking web site, and may be accessed by a use via a web browser or via a mobile application provided on a mobile phone, a tablet, etc. An on-line social network may be a business-focused social network that is designed specifically for the business community, where registered members establish and document networks of people they know and trust professionally. Each registered member may be represented by a member profile. A member profile may be represented by one or more web pages, or a structured representation of the member's information in XML (Extensible Markup Language), JSON (JavaScript Object Notation) or similar format. A member's profile web page of a social networking web site may emphasize employment history and education of the associated member.