From Guardian Analytics
Business Email Compromise scams recently hit Facebook and Google, leading to a $100 million loss to both companies combined. The attacks revealed vulnerabilities that even the most sophisticated, tech-savvy companies face.
To get into the mega-tech companies’ systems, the fraudsters forged email addresses, invoices, and corporate stamps to impersonate a large Asian-based manufacturer with whom the tech firms regularly do business. According to a Google statement, “We detected this fraud against our vendor management team and promptly alerted the authorities.”
That was the right thing to do, of course, but it took the two companies more than two years to discover the damaging fraud.
The Problem Is Only Getting Worse
The extent of such corporate fraud is not generally well known because companies don’t want the public to know that scammers have made victims of them. Such attacks also weaken the public’s faith that companies can adequately protect customer proprietary information. Nevertheless, enterprise fraud is pervasive and is rapidly becoming a threat to companies of all sizes. Though financial institutions, such as banks and investment houses, have shored up their IT defenses in recent years, scammers simply target corporations that have little or no defenses in place.
“As banks have gotten better at detecting fraud, criminals have broadened their attack surface and are now focusing on the relatively unprotected corporates,” said Julie Conroy, research director at Aite Group. “From business email compromise to fake invoicing, we’re seeing a rising tide of crime targeting corporates. As such, it’s important for these firms to have tools that can protect them from substantial losses.”
Stats to put it in perspective:
- The Association of Certified Fraud Examiners (ACFE) estimates organizations worldwide lose a staggering 5 percent of revenue to fraud. The median time to detect fraud: 18 months.
- According to FBI stats, scammers netted more than $5 billion globally in four years from fake B2B invoicing (aka business email compromise or BEC). BEC scams have grown at an astonishing 2,370 percent over the past year.
- According to a report from the Ponemon Institute, the average 10,000-employee company spends $3.7 million a year dealing with phishing attacks. Also, in 2010, the average damage done to these companies was a whopping $6.5 million. Within four years, the costs related to phishing attacks have more than doubled.
Behavioral Analytics: The Missing Link in Fraud Detection
These high-profile fraud cases highlight the critical need for applying advanced behavioral analytics software and techniques to protect against the increasingly sophisticated and evolving kinds of corporate fraud. Why behavioral analytics? Leveraging behavior-based anomaly detection is the only way to keep one step ahead of fraudsters. It’s the most effective way to detect and protect against multiple fraud schemes, including account takeover of B2B web portals, business email compromise, fake invoicing, fake purchase orders and modified wire and ACH templates.
How Guardian Analytics fits in
The news of these recent scams underscores the importance of Guardian Analytics’ newest solution, Sentinel™. It was designed specifically to help CFOs, controllers, treasurers and business owners of procure-to-pay (P2P) processes and B2B web portals to detect and prevent these kinds of attacks.
Some companies already use Sentinel to protect against BEC; the solution leverages the same sophisticated behavioral analytics and machine learning technology that has been successful in reducing bank fraud by 80-90 percent.
Sentinel’s core technology offers corporations holistic protection against all types of fraud by using multiple layers of security:
- Login protection: Sentinel detects suspicious portal access, including account takeover, session hijacking, and man-in-the-middle/man-in-the-browser attacks.
- Suspicious supplier payments and treasury fraud: Sentinel detects suspicious activity (including fraudulent payment requests, fake invoices, stolen credentials, and modified payment templates) and proactively intervenes before any money is transferred.
- Sentinel’s sophisticated behavioral analytics detects anomalous access behavior based on device information, connection, geo-location technology, time, velocity, and transaction details. We analyze all account access and transactions to monitor and calculate a real-time risk score for every online interaction.
- We leverage API-enabled machine-to-machine learning to integrate with a wide range of enterprise portals and treasury management systems. This enables us to uniquely detect and prevent fraud with unprecedented speed, accuracy and scale.
In fact, because Guardian Analytics automates the ongoing analysis, Sentinel can automatically quarantine high-risk transactions without manual intervention and alert clients to suspicious activity in real time. The industry recognizes that Guardian Analytics’ behavioral analytics solution provides the highest detection rates, paired with the lowest rates of false positives in the marketplace. At the same time, Sentinel also provides analysts with richer context and insights from which they can rapidly take intelligent action.