Effective Fraud Detection and Prevention with Threat Intelligence

Andrei Pisau

October 17, 2022


Organizations have moved a considerable part of operations online to ease the purchase process for customers. It is much easier to have everything at hand online to make a purchase and have it delivered, instead of physically going somewhere, paying and picking it up. But this comes at a great security cost that many organizations still disregard.

According to Juniper Research, unless organizations start to invest in fraud detection, around $9.6 billion annually by 2023, they stand to lose up to $130 billion in the same timeframe. And as time passes, the cyberthreat landscape is changing and adapting quickly. Attackers are launching new campaigns and refining their tactics. Only efficient Threat Intelligence solutions can keep up and provide protection, instead of just reactions.

Types of e-commerce fraud and attacks

Web fraud

If a cautious attitude online is still a matter of personal choice, fraud and online attacks remain a very accessible reality for cybercriminals. One of the most common forms of online fraud is domain spoofing, when a victim is duped by a seemingly legitimate website or email address. While people might be a bit more careful when it comes to opening unsolicited emails, spoofed domain names are more difficult to avoid.

Fraudsters have several ways of doing this:

  • Domain masking – showing a fake URL in the web address bar, making the victim think they are on the legitimate website
  • Look-alike domain name – making very small changes that the untrained eye does not notice in the few seconds spent checking the legitimacy of a web domain name. Replacing an “o” with a “0” may sometimes be enough for people to access a fake website. This is called typo-squatting. A similar tactic is that of using homoglyphs, similar-looking alphabet characters.
  • Short URL – shortened links can be dangerous because you cannot see the real destination and you can end up on a fake website.

People end up on these websites and upload their personal data or try to make transactions, losing their money and having their credit card information stolen. While a secure payment option will hide transaction details even from the service provider, the fake website will try to profit from every piece of information it can get the user to enter, credit card numbers in particular, with all their identification specifications.

Identity theft

Unsecured personal data is a treasure chest for fraudsters. Financial organizations may be the main target, due to the amount of data they collect and the facilitation of money transfers on their websites, but they are not the only organizations under attack.

In 2019, cybercriminals profited from people’s desire to contribute to the Venezuelan cause (the country was in dire need of humanitarian aid) and stole identification information from a volunteer sign-up database. Full name, personal ID, phone number, personal address, along with other personal data about jobs and possessions, was the type of information that people offered in order to tell organizers how they could help. This was a case of DNS manipulation: whether people accessed the real or the fake domain name, both resolved within Venezuela to the same IP address, that of the fake domain owner.

Such information can be used by fraudsters for identity theft (71%), phishing (66%) and account theft (63%). Once they have acquired it, fraudsters use it to buy items online under an existing name, which can be verified, and use the payment details of that person. It is much easier for them to do this than to invent a persona. Stolen personal and credit card information can circulate among attackers, being used and sold over and over on the dark web for years, making life and online purchases very difficult for the person whose data is used.

Database intrusion techniques

Attackers can use the stolen personal information to gain access to the database of large organizations and defraud them from within. Once again, it’s up to organizations to keep their online environment as safe as possible.

  • Payment fraud – attackers using stolen credit card data.
  • Account takeover – attackers taking over verified and used accounts.
  • Fake account registration – the most intrusive and resource-consuming fraudulent technique.

According to InSights specialists, information stolen in 2014 can resurface in 2019, being recirculated over and over again. Once a customer’s information ends up on the dark web, there is little chance of recovery. This makes identity theft and e-commerce fraud particularly dangerous for all online users of an organization’s website, because while a traditional theft means losing whatever you have on you at that moment, online identity theft gives attackers access to your online registered assets and personal information for a very long period of time.

How to use threat intelligence

In the long run, although they are not directly responsible for the attack, organizations’ reputations suffer for not having protected their customers. It’s seen as their duty to make sure they protect against such attacks.

An organization can be proactive or reactive. Being proactive buys time and protects the organization’s reputation and bottom line. Reactive measures can only limit damage once it has occurred. Threat Intelligence (TI) gives you the advantage of a fast, accurate and thorough understanding of the threat, allowing for quick, severity-suited reactions so that the attackers’ infrastructure and harmful methods are neutralized, isolated, minimized or deflected.

One proactive but potentially expensive measure would be to have your security team register similar domain names to the ones owned, so no attacker could use the most accessible options. Another proactive option is to gather intelligence from across the public attack surface so as to compile and monitor as much information as possible. The right Threat Intelligence solution can structure this information and make it actionable so you can take the proper steps to protect your organization. This means putting global data in a context relevant to you and giving you a complete view of your organization’s weaknesses.
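Checking candidate domains against your own for the look-alike tricks described under Web fraud (an “o” swapped for a “0”, homoglyphs) is one piece of this monitoring that is easy to show in code. The Python below is an added example, not from the original article or any Bitdefender product; example.com, the sample list, the small confusables map and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed, deliberately small map (assumption: production monitoring would
# load the full Unicode confusables data instead).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w",
               "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c"}

# Constructed candidates, as a feed of newly registered domains might list them.
SAMPLES = ["examp1e.com", "ex\u0430mple.com", "exarnple.com", "examplle.com",
           "example.net", "shop-online.org"]

def decode_label(label: str) -> str:
    """Turn a punycode ("xn--") label back into Unicode; pass others through."""
    try:
        return label[4:].encode("ascii").decode("punycode") if label.startswith("xn--") else label
    except UnicodeError:
        return label  # malformed punycode: compare the raw label

def skeleton(label: str) -> str:
    """Fold a label so visually similar spellings map to the same string."""
    text = unicodedata.normalize("NFKD", decode_label(label.lower()))
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    for lookalike, plain in CONFUSABLES.items():
        text = text.replace(lookalike, plain)
    return text

def edit_distance(a: str, b: str) -> int:  # Levenshtein distance
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(candidate: str, brand: str) -> str:
    """Compare two registrable domains (assumption: no subdomains) by first label."""
    cand, own = candidate.lower().rstrip("."), brand.lower().rstrip(".")
    cand_label, own_label = cand.split(".")[0], own.split(".")[0]
    if cand_label == own_label:
        return "exact" if cand == own else "tld-variant"
    if skeleton(cand_label) == skeleton(own_label):
        return "homoglyph"
    if edit_distance(skeleton(cand_label), skeleton(own_label)) <= 1:
        return "typo"  # one insertion, deletion or substitution away
    return "unrelated"

def flag(domains, brand):  # keep only the look-alikes worth an analyst's attention
    return {d: v for d in domains if (v := classify(d, brand)) not in ("exact", "unrelated")}
```

The one-edit threshold is noisy for short brand names and misses transposed letters, which count as two edits; tune it to the length of the label being protected.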

An efficient TI solution reduces your workload considerably as it runs Internet searches, including on the dark web, for malicious links. It can analyze all threats and alerts, and it can reduce the time it takes to address the effects. Actionable Threat Intelligence means immediately (in the span of a few minutes) identifying a malicious domain and carrying out its takedown.

Your chosen TI solution should integrate a threat-messaging platform and should be able to react and automatically respond to specific threats. An organization with such a service implemented gains time for its SOC team as it doesn’t have to scan constantly updated information feeds and choose the alerts worthy of a response. The TI solution does the analysis and reacts in a matter of minutes.

Taking the Venezuelan case alone, with such expert DNS manipulation, a good TI solution could have blocked fake domain names as phishing attempts. In the case of payment fraud, TI can discover the use of stolen credit card data circulated on the dark web. For account takeover, TI should monitor suspicious activity, anything different from the traditional activity of an account, and flag it for alerting. And when it comes to fake account registration, something most e-merchants and social media platforms are constantly up against, the battle would be harder to win without Threat Intelligence running a proper analysis. And even so, the number of fake accounts on these platforms is high, around 16% for Facebook, for example.


Domain monitoring and the checking of stolen information and other data that can be discovered on the dark web is not something customers can do to protect themselves. Other than the obvious inspection of domain names for visible changes or a general wariness of links to websites from other sources or in a shortened version, customers can easily fall for the many types of domain fraud.

On a more personal level, they can place account freezes and fraud alerts, actions that are more reactive than protective. Creating a safer online environment takes all organizations having strong Threat Intelligence solutions and using them.

Andrei Pisau

Andrei, as Bitdefender’s Senior Director of Product Management for Enterprise Solutions, leverages over 15 years of experience in software engineering and product management to build security solutions that speak to customer needs. A leader of the B2B2B line of business, he spearheads efforts to deliver superior technologies such as Advanced Threat Intelligence and early breach detection solutions to Technology Partners and enterprises worldwide.
