(This post was born of a chat with Assaf Ezov, Offering Manager for Trusteer Mobile SDK.)
Social engineering is without a doubt one of the more difficult fraud use cases to detect for the basic reason that, in most cases, the person conducting the actions on the account is the true account owner -- and is being illicitly manipulated by a fraudster. A common scenario -- which btw happened to my colleague's mother the other day -- is when a fraudster calls an account owner (yes, Virginia, phone numbers are readily available on the Dark Web...) to "inform" her that a security breach has taken place and she must reset her account password -- on the phone, with the caller! The fraudster tricks the user into downloading a supposedly legitimate app that is actually malware, say, an SMS stealer, a remote access tool for screen mirroring, or some other malicious tool that helps the fraudster steal the user's account credentials and bypass two-factor authentication like SMS.
The point of this post is to note that in these elusive "but it was the true user" fraud cases, using common fraud detection techniques like behavioral biometrics or device authentication alone will not help. Why not? Because they will only detect the true user. They won't help detect the fraudster. Such cases require a different approach.
So how does IBM Trusteer get an edge on social engineering fraud? Its strength lies in using multiple capabilities in tandem to detect and react to such attacks. For example, it can identify when a user is on the phone while accessing their account. That alone won't point to fraud -- most of us probably answer a phone call while banking online. But machine learning models in Trusteer Pinpoint know to flag such situations as potentially suspicious and, along with the benefit of additional parameters collected from the mobile channel by IBM Trusteer Mobile SDK, gain the context needed to identify and alert the bank when a social engineering attack is under way on that channel. This combination of Trusteer Mobile SDK with Trusteer Pinpoint Detect yields a mobile solution that is a powerful foil to the elusiveness of social engineering attacks.
To learn more about the offerings cited above, go here. And now's a perfect time to head over and read the blog on a recent threat Trusteer thwarted with its layered approach.
Thoughts? Comments warmly welcomed.