I’ve recently joined Group-IB’s Fraud Hunting Platform team after almost 15 years fighting Financial Crime at companies such as Accuity, SWIFT, and Bottomline. In order to understand Group-IB, you need to understand its mission: to fight cybercrime while protecting the clients in cyberspace and helping them achieve their goals. Group-IB has 18 years of experience in cybercrime investigations and incident response operations globally. Today, this accumulated knowledge of fraudsters and their infrastructure continues to fuel our ecosystem of products. We continue to invest in our monitoring and research infrastructure all over the world that already includes threat intelligence centres in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).
What place does fraud have on the global cybercrime scene?
Fraud is the new compliance. For years banks and regulators tried to stop 100% of sanction breaches looking for a magic wand. Eventually, the realization that you can’t prevent all sanctions breaches hit home. The strategy refocused on making it so expensive and dangerous that the practice is not worth trying for most. The regulators made sure that it happened by adding fines to the banks that did not do enough to prevent sanction breaches.
We are witnessing a similar situation here when the industry seems to think that fighting fraud consists of detecting it and accepting the losses when you fail to stop the scam. But there is much more to it. Like in most other financial crime issues, the most effective strategy is to ensure that crime, successful or not, does not go unpunished.
Fraudsters are bullies, and if you bite back, they will avoid you. Hence, our solution not only detects and prevents fraud but also enables our clients to investigate thefts and hunt criminals and their infrastructure. Thanks to the company’s unified ecosystem of products, the Fraud Hunting Platform uses relevant Threat Intelligence & Attribution data, which helps detect hidden threats and suspicious connections and identify specific threat actors involved in incidents to start the process with the police.
What is The Fraud Hunting Platform? Can you explain in plain language how it works? Who are your customers?
The Fraud Hunting Platform (FHP) is a comprehensive solution for protecting mobile and web applications from identity or financial crimes, whether they are malware, bot attacks, fraud, or social engineering.
We identify genuine users from fraudsters by creating a behavioural and device profile of the legitimate users. By identifying with certainty that a real user is attempting to log in, we can then require additional MFA or block the fraudster trying to access the account.
With FHP, we protect more than 130 million users daily. In H1 2020, it shielded banking and eCommerce portals in Europe and Asia from bot activities, malware, and social engineering attacks and saved them roughly $140 million.
FHP is part of the Group-IB ecosystem connected to our Threat Intelligence & Attribution solution, which provides FHP with global data on compromised credentials, credit cards, bank accounts, devices, and websites. Our Global ID technology also creates and monitors fraudster profiles containing IP addresses, devices, schemes, and techniques.
What are the most common types of fraud? Do they have regional specifics?
Social engineering thrives on the news about the pandemic. Many fraudsters exploit COVID-19 fears to increase the success of their operations. Also, malware attacks and bot activity continue to dominate the fraud scene for e-commerce and banking portals.
Authorized Push Payment – a form of financial fraud when the victims are tricked into transferring their money to scammers – is also observed in Europe and APAC. The victims usually get calls from scammers posing as bank employees, telecom providers, or insurance companies. The growing frequency of data breaches allows fraudsters to intensify operations as they access user records for follow-up attacks.
From there, the fraudsters can lure the victim into transferring money to them directly under the pretext that the account has been compromised. In other scenarios, they can request online banking credentials and a one-time password, install a legitimate remote access tool to get access to your account, and transfer money to theirs, all the while impersonating the bank employee, for instance. In advanced schemes, bots can replace the callers.
Cybercriminals are quick learners. Can you give us an example of the most sophisticated fraud schemes that you faced?
Scammers have learned to imitate payment pages supposedly protected by 3-D Secure, a technology previously considered one of the most effective in protecting users’ payment data when paying for purchases online worldwide, by creating phishing sites for popular services and online stores.
Group-IB experts first recorded this type of 3-D Secure fraud at the end of 2020. It refers to so-called card-not-present (CNP) fraud, that is, card transactions made without the card being present. It is a more sophisticated development of the P2P fraud scheme previously discovered by Group-IB. The danger of using fake 3-D Secure pages is that they are difficult to identify. They often contain the logos of the international payment systems Visa, MasterCard, or a local e-commerce equivalent. They do not cause suspicion among buyers who want to complete a purchase online quickly.
At the same time, to the issuing bank, the client’s payment looks legitimate. It will be challenging for the client to retrieve their money sent to the scammers through the malicious 3-D Secure page, which confirmed the transaction with a verification code from SMS.
Last year, we introduced the innovative Preventive Proxy that protects against Internet bots, including those that emulate human behaviour. This module is part of the Group-IB Fraud Hunting Platform (FHP).
What can companies do to reduce the amount of fraud?
Fraud is a business to many. If we want to reduce the growth of that business and the number of new players, we need to increase the risk vs. reward ratio. Leave no crime unpunished. Collect all the information you have on the case and share it with the authorities so that the criminal can be held accountable.
Banks need to equip themselves with solutions capable of distinguishing between legitimate user actions and fraudulent activity to safeguard users’ digital identities at a technology level. This is possible thanks to the analysis of user behaviour and device metrics on the web and in mobile channels in real-time. In addition to using fraud hunting technologies, personal data operators need to continuously invest in cyber education, increasing customer awareness about different types of constantly evolving fraud schemes.