August 10, 2016 By David Strom 2 min read

If you want to detect malware or other potential risks across your enterprise, one time-honored method is to look at your endpoint behavior.

A recent Simility blog post detailed how it is tracking online fraud. With the help of a SaaS-based machine learning tool, the company and its beta customers have seen a 50 to 300 percent reduction in fraudulent online transactions.

Seven Keys to Tracking Online Fraud

In January, Simility looked at 100 different behaviors across 500,000 endpoints scattered around the world. It found more than 10,000 of those devices were compromised, and then looked for patterns of similar behavior.

Researchers found seven commonalities. These red flags can be applied in any organization to help security professionals identify fraudulent activities or suspicious behavior.

1. Mismatched OS and Device

A device is eight times more likely to be compromised if its OS does not match its CPU, such as 32-bit Windows running on a 64-bit processor. This is because the fraudsters are using a compromised version of the OS that they can better control.

2. Freshly Made Cookies

“Fraudsters clear their cookies 90 percent of the time, whereas unhacked users clear cookies only 10 percent of the time,” the study stated. Browser cookies that were all created very recently are therefore a strong signal that a PC has been compromised.

3. Do Not Track Set to Null

The browser setting Do Not Track has three legitimate values: yes, no or unspecified. Null is not a valid answer. Other browser settings have similar invalid states, and these are another warning sign of fraudulent activity.

4. Erased Browser Referrer History

Those tracking online fraud often see this as another tipoff. A PC with an erased referrer history may be compromised, since a malicious actor is five times more likely to clear this history.

5. More Windows

Windows has a very high market share, and cybercriminals are no exception; in fact, they use Windows machines at a higher rate than the general public. Chances are, if you are running on a Mac, your machine is legitimate. Windows users need to be a bit more careful regarding their security.

6. No Plugins or Extensions Installed

Most of the fraudster-controlled PCs had fewer than five browser plugins installed. Most legitimate PCs have more than that, with some users installing over 25 plugins. However, more is not necessarily better: too many plugins is one way that machines can be turned into botnet zombies, because many of them are likely to be running older, unpatched versions.

7. Not Running Any Incognito Browser Sessions

A user running a private browsing session is three times as likely to be legitimate.
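The seven indicators above, combined into a simple likelihood-ratio scorer, as an added example that is not Simility's model or code: the ratios the article states (8x, 90 percent vs. 10 percent, 5x, 3x) are used directly, while the weights for the Do Not Track, Windows and plugin-count flags, the Endpoint fields and the alert threshold are assumptions, marked ASSUMED in the code.

```python
import math
from dataclasses import dataclass
from typing import Optional

@dataclass
class Endpoint:
    """Constructed view of one endpoint's browser/device attributes (field names assumed)."""
    os_bits: int            # bitness of the installed OS (32 or 64)
    cpu_bits: int           # bitness of the processor (32 or 64)
    cleared_cookies: bool   # all cookies were (re)created recently
    dnt: Optional[str]      # Do Not Track: "yes", "no", "unspecified" or None (null)
    referrer_erased: bool   # browser referrer history has been cleared
    platform: str           # "windows", "mac", "linux", ...
    plugin_count: int       # installed browser plugins/extensions
    incognito: bool         # a private browsing session is active

VALID_DNT = {"yes", "no", "unspecified"}

def likelihood_ratios(e: Endpoint) -> dict:
    """Per-indicator P(observation | fraud) / P(observation | legitimate)."""
    lr = {}
    # 1. OS bitness differs from CPU bitness: 8x more likely compromised (article)
    lr["os_cpu_mismatch"] = 8.0 if e.os_bits != e.cpu_bits else 1.0
    # 2. Cookies cleared by 90% of fraudsters vs 10% of legitimate users (article)
    lr["fresh_cookies"] = 0.9 / 0.1 if e.cleared_cookies else 0.1 / 0.9
    # 3. Do Not Track holds an invalid value such as null: ratio is ASSUMED
    lr["dnt_invalid"] = 4.0 if e.dnt not in VALID_DNT else 1.0
    # 4. Referrer history erased: 5x more likely compromised (article)
    lr["referrer_erased"] = 5.0 if e.referrer_erased else 1.0
    # 5. Windows over-represented among fraud machines: ratio is ASSUMED
    lr["windows"] = 1.5 if e.platform.lower() == "windows" else 1.0
    # 6. Fewer than five plugins installed: ratio is ASSUMED
    lr["few_plugins"] = 2.0 if e.plugin_count < 5 else 1.0
    # 7. Private browsing session: 3x as likely legitimate (article)
    lr["incognito"] = 1.0 / 3.0 if e.incognito else 1.0
    return lr

def risk_score(e: Endpoint) -> float:
    """Sum of log likelihood ratios; positive values favour 'compromised'."""
    return sum(math.log(v) for v in likelihood_ratios(e).values())

def triggered(e: Endpoint) -> list:
    """Names of the indicators that point toward fraud for this endpoint."""
    return [name for name, v in likelihood_ratios(e).items() if v > 1.0]

def is_suspicious(e: Endpoint, threshold: float = math.log(20)) -> bool:
    """Flag when combined evidence shifts the odds by more than 20:1 (ASSUMED cutoff)."""
    return risk_score(e) > threshold
```

Because the score is a sum of logs, an analyst can read `triggered()` to see which of the seven flags drove an alert rather than only the final number.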

Check Your Mileage

Obviously, these indicators may differ depending on what kind of computers you have on your network and what your existing security best practices might be.

Still, this is an intriguing collection of behaviors that, taken together, might be useful. Set up your machine learning tools to track online fraud and see if your mileage is similar.
