OVERVIEW
As cybercrime evolves, fraud — in particular phishing and business email compromise (BEC) — has risen to the top both in terms of prevalence and financial damage caused. The FBI recorded $3.5 billion in reported losses due to cybercrime in 2019. Much of this was due to financial fraud like BEC, rogue wire transfers, ransomware, and spoofing. In fact, the most costly cybercrime in the US was BEC, costing over $1.7 billion and making up over 40% of all internet crime related losses in 2019.

The latest forms of cyber fraud present a particular challenge to legacy email security systems. TradiIn fact, legacy solutions miss over 30% of attack campaigns. With 95% of breaches caused by phish, this creates a huge security gap and adds exponentially to security operation workloads. To combat modern cybercrime, organizations need to adopt solutions with Active Fraud Prevention capabilities to comprehensively detect and stop attacks missed by SEGs.

ACTIVE FRAUD PREVENTION WITH AREA 1
Stopping modern fraud attacks requires the ability to detect low-volume, targeted phish and BEC. As attackers increasingly use social engineering over malware for many of these attacks, detecting malicious intentions, even if there is no malware present, is key. Discovering fraud attempts, often conducted over a span of multiple conversations, over weeks and months, also calls for advanced machine learning algorithms.

Area 1 Security takes a machine + human approach for comprehensive Active Fraud Prevention across all threat vectors for fraud: email, social, web and network. Our approach allows us to stop all the threats anti-spam, anti-virus and advanced threat protection systems typically catch, but we also go above and beyond to preempt attacks and stop active fraud campaigns before they do harm.

Preempting attacks starts with Area 1’s ActiveSensors™ for massive-scale web crawling and small pattern analytics engine (SPARSE™), which allow us to proactively discover and track attacker infrastructure. With these technologies, Area 1 is able to detect emerging attack infrastructure an average of 24 days before phishing campaigns go live. Through our extensive research and detection of phishing campaigns, we’ve tracked and divided BEC evolution into the following types:

• Type 1 BEC uses CXOs and display names as a lure through inter-organization impersonation.
• Type 2 BEC uses hijacked employee accounts as a lure in intra-organization impersonation.
• Types 3 and 4 BEC rely on account takeovers and spoofing of trusted supply chain partners respectively, making them the most difficult to detect and most financially damaging.

Area 1 excels at detecting all four types of BEC, but we’re particularly good at catching the sophisticated, long-con Types 3 and 4 BEC fraud commonly missed by legacy email security systems.

Our Active Fraud Prevention approach includes:

• Area 1’s automated supply chain BEC phish detection, which addresses the vast majority of these partner account takeover-based BECs. We also take a combined machine/human approach designed to uncover the slow, drawn-out development of Types 3 and 4 BEC phish..
• Area 1 conducts continuous machine level assessments of all messages for emergent signals of fraud. Messages are also auto-classified, surfacing categories of interest like financial messages.
• After multiple levels of machine-driven detection, we employ escalated analyst reviews of change requests in the small amount of financial messages with undetermined verdicts.
• Final joint confirmation with Area 1 security analysts and customer SOC teams results in precise verdicts with low false-positive rates. This process allows for scalable and accurate detections that stop active fraud campaigns in their tracks.

Through this advanced method, Area 1 has intercepted more than $233 million Type 3 BEC fraud campaigns targeting Fortune 500 companies in just the first 12 weeks. Since 2019, we have also caught more than 100 million phish missed by SEGs.

Area 1 Security is the only cybersecurity company able to comprehensively block phishing and fraud attacks before they do harm. To protect your organization from modern cybercrimes, try us out at www.area1security.com/try-area1.