Choose Your Own Adventure: The Case of the Mysterious Fraud Spike

It’s a quiet Monday morning in May. You, a fearless fraud fighter at a leading financial services company, are enjoying your first coffee of the day. You log on to your NeuroID Crowd Alert dashboard. It’s a great way to start your workday, as it shows you the crowd-level patterns of users on your application forms and alerts you to any risky user behavior.  

It’s choose your own adventure time: Do you . . . 

A – Follow your instinct and look closer at this spike. 

B – Get a second cup of coffee and go on with your day, confident in your fraud controls.

If you choose B, jump to here. If you choose A, keep reading.

A: Follow Your Instinct and Look Closer at This Spike

This spike tickles something in your memory. You think back to one of your early calls with the NeuroID team, where they talked about probe attacks. The NeuroID team defined “probe attacks” as “small bumps in fraud above a client’s baseline fraud rate.” They said probe attacks were often the first signs of a larger scale attack about to come. The short spikes were typically fraudsters, whether human or automated bots, probing to test controls, nudge defenses, poke into weaknesses, and identify the best exploitable gaps to plan huge, focused attacks. You remember this distinctly because it was such a high-value view to know you could actually see strikes preparing before they attack . . . 

You refill your coffee and look closer at the risky behavior spike on the NeuroID dashboard. Digging deeper, it looks like the risky users are trying to get through your lengthy application flow, then dropping all at one point. You realize that there’s a gap in your application process that every risky-flagged user is poking at. You see that the spikes keep coming—not only was the first spike a probe, but the fraud ring is now coming back en masse to exploit the weakness they found. 

You grab your red-phone-handset and call up the rest of your fraud-fighting team. Together, you quickly fix that weakness within your decision criteria. The red spikes immediately start to peter off back to baseline.

Happily Ever After

Because you tightened your fraud rules in anticipation of a large-scale fraud ring attack you were able to stop it in its tracks before the big attack wave came through. As the urgency around stopping the fraud ring subsides, you think about the great blog post you recently read that mentioned how Synthetic Identity Fraud (SIF) is now 85% of all fraud and realize that attacks like this are going to be even more frequent, and that the power of probe attacks as a warning sign is tremendously helpful. Without seeing this spike in crowd patterns, you wouldn’t have been able to prepare for the large-scale attack coming and adjusted in real-time to stop not only this attack, but others that could exploit the same vulnerability.

B – Get a second cup of coffee and go on with your day, confident in your fraud controls

The second cup of coffee is the perfect temperature. While your Crowd Alert dashboard shows more large blips, you aren’t worried; attack attempts happen all the time and you’re confident in your stack. All is well. 

Until the following Tuesday, where you suffer a massive attack. You remember the blips from last week, and wonder if they were a warning sign—but by then it’s too late. Fraudsters are in, busting through barriers at a break-neck speed, and some even might be dormant fraudsters who will wait within your ecosystem for future opportunities. 

The coffee is more bitter than usual on that Tuesday, and so is the lesson learned—those early probe attacks of a minor increase in suspicious activity (such as bots rapidly filling out forms) were indeed a sign of a large fraud ring attack to come. Those probes were fraudsters fine-tuning their strategies, understanding your step-ups, and testing for the biggest exploitable gaps before launching a full-scale assault.*

*Author’s note: I took some artistic license here for dramatic effect. In reality, your NeuroID customer service manager would have noted the probe attacks and contacted you to make sure you saw them, too. We would have provided suggestions on what it might mean, then advise on where you should search for a vulnerability in your decision flow. The only real unhappy ending to this story is if you didn’t have NeuroID, and therefore couldn’t see the probe attacks at all.

NeuroID Is the Best Choice for Earlier Fraud Detection

Probe attacks are subtle, preliminary attempts by fraudsters to identify weaknesses in your fraud stack, and are often key indicators of large-scale attacks on the horizon. At NeuroID, we specialize in detecting these probe attacks, then with providing our clients with the insights they need to preempt and mitigate effectively.

Incorporating NeuroID’s probe attack detection into your fraud strategy will transform your approach to be one where you predict fraud, rather than react to it. Our clients use NeuroID’s predictive insights to:

• Identify and Understand Abnormal Behavior Spikes: so you can quickly recognize unusual patterns that may signal a probe attack.

• Preemptively Address Vulnerabilities: probe attacks are the canaries in the coal mine that help you  to identify any fraud-stack gaps before they can be exploited on a larger scale. 

• Enhance Decision-Making Processes: With detailed insights into the nature of probe attacks, you can refine your decision-making processes, such as implementing stricter rules around automated signals and adjusting their fraud prevention strategies accordingly to stay nimble and agile against any attack.

• Improve Fraud Detection and Response: NeuroID’s detailed dashboard provides a clear and digestible view of fraud trends, making it easier for you to respond quickly and effectively to emerging threats. This includes recognizing patterns that might indicate a larger attack is forthcoming.

Want to see fraud before it happens? Talk to a NeuroID behavioral analytics expert today.