Reduce risks of user sign-up fraud and SMS pumping with Amazon Cognito user pools
Security Blog
This article discusses ways to reduce the risks of user sign-up fraud and SMS pumping attacks on Amazon Cognito user pools. It covers various prevention, detection, and mitigation strategies.
Specifically, the article covers:
- Protecting the sign-up flow by implementing bot mitigation, validating phone numbers before sign-up, and using custom confirmation flows or alternative OTP delivery methods
- Detecting SMS pumping by monitoring service quotas, CloudTrail events, and excessive billing
- Applying AWS WAF rules for mitigation, such as blocking requests by source IP address, by phone number area-code pattern, or by TLS client fingerprint (JA3)
- Considerations for AWS WAF remediation approaches
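The sign-up-flow controls summarised above (validating phone numbers before sign-up and treating a suspicious area-code pattern as a signal) are easiest to see in code. The following is an added example, not code from the blog post or from AWS: it has the shape of an Amazon Cognito pre sign-up Lambda trigger, which receives the candidate user's attributes in `event["request"]["userAttributes"]` and rejects the sign-up by raising an exception. The allowed country codes, the denied prefix, the prefix length and the velocity thresholds are hypothetical policy values chosen for the demonstration; the sliding-window counter is in-memory, so in a real deployment it would be backed by a shared store such as DynamoDB.

```python
"""Pre sign-up phone-number screening for an Amazon Cognito user pool.

Added illustrative example. Policy values below are hypothetical.
"""
import re
import time
from collections import defaultdict, deque

# Strict E.164: a leading '+', then 7 to 15 digits, first digit non-zero.
E164 = re.compile(r"^\+[1-9]\d{6,14}$")

# Hypothetical: markets the application actually serves (prefix match on the
# dialling code; a production check would use a full numbering-plan library).
ALLOWED_COUNTRY_CODES = ("1", "44", "49")
# Hypothetical: a number range observed in a pumping campaign, blocked outright.
DENIED_PREFIXES = ("+4470",)
# Velocity rule: SMS pumping usually walks one number range, so cap the number
# of distinct numbers per PREFIX_DIGITS-character prefix within WINDOW_SECONDS.
PREFIX_DIGITS = 8
MAX_PER_PREFIX = 5
WINDOW_SECONDS = 600


class PrefixVelocity:
    """Sliding-window count of distinct numbers seen per number-range prefix.

    In-memory only: in Lambda this state lives for one warm container.
    """

    def __init__(self):
        self._seen = defaultdict(deque)  # prefix -> deque of (timestamp, number)

    def record(self, number, now):
        prefix = number[:PREFIX_DIGITS]
        window = self._seen[prefix]
        # Drop observations that fell out of the window before counting.
        while window and now - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        window.append((now, number))
        return len({n for _, n in window})


def evaluate_phone(phone, now, velocity):
    """Return (allowed, reason) for one candidate phone number."""
    if not E164.match(phone):
        return False, "phone_number is not E.164"
    if phone.startswith(DENIED_PREFIXES):
        return False, "prefix is on the deny list"
    digits = phone[1:]
    if not any(digits.startswith(cc) for cc in ALLOWED_COUNTRY_CODES):
        return False, "country code not served"
    if velocity.record(phone, now) > MAX_PER_PREFIX:
        return False, "too many sign-ups from one number range"
    return True, "ok"


VELOCITY = PrefixVelocity()


def handler(event, context=None, now=None):
    """Cognito pre sign-up trigger: raise to reject, return the event to allow."""
    phone = event["request"]["userAttributes"].get("phone_number", "")
    allowed, reason = evaluate_phone(
        phone, time.time() if now is None else now, VELOCITY
    )
    if not allowed:
        # Cognito surfaces the exception message to the client as a
        # UserLambdaValidationException, so keep it generic.
        raise ValueError(f"Sign-up rejected: {reason}")
    return event


if __name__ == "__main__":
    # Constructed sample: six sign-ups walking one range inside a minute.
    v = PrefixVelocity()
    for i in range(6):
        print(f"+1415555010{i}", evaluate_phone(f"+1415555010{i}", 1000 + i, v))
```

The same prefix-velocity logic can be run offline over a batch of sign-up records when hunting for pumping after the fact; the pre sign-up trigger simply applies it before the SMS is ever sent.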
Related articles
- Sep 13, 2024: Amazon Cognito user pools now offer email as a multi-factor authentication (MFA) option
- Aug 5, 2024: SaaS authentication: Identity management with Amazon Cognito user pools
- Nov 22, 2024: Improve your app authentication workflow with new Amazon Cognito features
- May 30, 2024: Amazon Cognito user pools now support the ability to customize access tokens