Criminals corrupt trusted accounts by stealing credentials, and by infecting with malware, and then use the corrupted accounts to launch “the real” attacks. This type of abuse is rapidly on the rise, as existing security controls do not detect them. We will reveal trends, use cases, and best practices on how these attacks can be detected and blocked.