Data breaches, which can expose emails, passwords, credit card information among other personally identifiable information, are a constant concern for companies who store client data. Not all data breaches are software exploits, think Watergate. However, as data increasingly shifts toward being stored online, cybercriminals have plenty of opportunities to search networks looking for vulnerabilities. But hacking databases or past security systems is only one of many tactics used by cybercriminals. There’s also social engineering.
Social engineering relies on manipulating victims into providing important and potentially confidential information to fraudsters. For example, one morning a friend contacts you on a popular social media platform, asking if you can send them money to get out of a tight situation. Not thinking anything of it, you send your friend some money, only to eventually discover that your friend’s social media account was hacked. This is a common scenario that is facilitated in several parts. First, the fraudster obtains a list of emails, either through hacking into a database or purchasing them on the dark web. Next, the fraudster finds a way into a user’s account using their email, maybe through a brute force attack or some other means. Finally, the fraudster locks the original user out of the account, and uses it to pose as the original user.
Another common form of social engineering is phishing. Phishing is performed when the fraudster sends out seemingly legitimate emails to potential victims, hoping that they can divulge information to the fraudster.
What important information can we gather from a breach? For one, every breach points to a vulnerability. Therefore, we can learn a system’s vulnerabilities from each breach, and attempt to improve the security of that system. For example, we can look at how fraudsters are using social engineering to commit crimes. Are they sending out many emails? Maybe if a company has seen an increase in phishing emails to its employees in a given week, it’s possible a group is trying to compromise their system. Maybe the company being attacked can send out alerts, or try to filter these newer phishing emails. Looking for patterns from these attacks can help those in vulnerable positions build a plan to proactively mitigate the threat and protect their data.
Due to the pandemic, many businesses have moved online: companies, employees and customers. Many companies were not able to handle this load. Therefore, they had to shore up security, clean up loose ends, scan software for vulnerabilities and learn how these vulnerabilities can be reduced / ameliorated. Yet, even being proactive, and having a good strategy to react to potential fraud, can use the help of a system that can scale and adapt to this migration. Say a company sees a sudden spike in transactions going to one source: this can be a false positive (i.e. concert tickets just released to the public) or an indicator of fraud (i.e. lots of user accounts on one website hacked and used to purchase something. In this example, known chargebacks can serve as labels to train a model using supervised learning algorithms to predict fraud.
Many times a breach in cybersecurity is not realized until after the fact, after the damage has been done. Most responses will be reactive. However, companies will want to shift toward more proactive solutions, like training developers and users of the system on security compliance and best practices, as well as using a fraud detection system that is adaptive to these attacks, in order to provide meaningful means of mitigating future attacks. Our Connected Toolkit provides companies with this adaptability, not only to alert users when suspicious behavior occurs, but to learn from prior breaches, and predict where fraud will happen next.