Digital Fraud Is An Inside Job

Is there no end to the devious creativity of cybercrooks? If they’re not grabbing stolen credentials off the Dark Web then they’re neck-deep in buyer-seller collusion, or the long con of keeping fake accounts in good standing … just enough to drain them and abscond.

The new decade rises on a vast network of internet lawbreakers, from global syndicates to lone wolf hackers, some armed with military-grade means for cyber intrusion. Card-not-present theft — like when rideshare charges from a city you’ve never visited appear in your banking app — is traumatic enough for the typical person. Try wrapping your mind around the price tag of the average corporate data breach at $3.92 million per incident. Then multiply that by the 4.1 billion times it happened in just the first half of 2019. The figures are staggering.

Combatting aggressive online fraudsters calls for asymmetrical strategies that confound mal-bots with superhuman processing power. It’s a perfect job for the dynamic duo of unsupervised machine learning (UML) and Big Data, creating real-time detection architectures that look for trouble.

The matter is explored in detail, with a special focus on threat intelligence, in The Digital Fraud Tracker® for January 2020, a PYMNTS and DataVisor collaboration.

Catch Me if You Can

In the Capital One breach of 2019, a software engineer accessed 100 million customer accounts by exploiting a code weakness, then tried to share stolen customer data with others before being arrested. It was kind of an inside job (the person had previously worked on the system).

What about attacks from without? Email phishing scams seem so Y2K that it’s hard to believe how effective they are, even against corporations protected by fancy firewalls. In fact, phishing is the root cause of 90 percent of data breaches, including the giant commercial variety.

Digital signature firm DocuSign has fended off more hackers and phishing phonies than can be counted, so much so that they’ve become leaders in the field. The company’s half-million customers are often targeted with emails purporting to be from trusted brands and service providers, but in reality, they’re evildoers trawling for people’s usernames and passwords. The placing of malware in innocent-looking emails is another time-tested trick of web meanies.

Catching cybercriminals is difficult, but DocuSign helps get it done as part of its threat intelligence capability. “We have both open source and subscription-based threat intelligence feeds that give us information on the types of phishing activities and malware campaigns that may be out there,” said Emily Heath, chief trust and security officer at DocuSign.

Adding in the Low-Tech Approach

As advanced as systems get, they will continue to have trouble with certain types of cybercrime, from state-sponsored weapons-grade distributed denial-of-service (DDoS) attacks to the rogue contractors who have been behind a half-dozen data breaches that cost millions of dollars and trillions in trust.

That’s why low-tech approaches should always be part of a multi-layered anti-fraud strategy. What’s a “low-tech approach” to cyberfraud? Educating employees and gig workers is one great way to reduce scares and actual incidents. As the old wisdom says, “Forewarned is forearmed.”