Internet-enabled fraud has become a bit harder
Many aspects of our daily lives have moved to the internet – including the less pleasant aspects, like forms of frauds such as phishing or criminal financial transactions. To address this, the DEFRAUDify project decided to look into new data sources and advanced analytics.
Phishing attempts are annoying, but the ‘spearphishing’ variety is especially dangerous: these are handcrafted emails that contain lots of specific information elements that relate to the recipient, so they are very convincing. And now, with the advent of services like ‘FraudGPT’, it’s even easier for cyber criminals to create those emails. Companies that want to be aware of these threats, want to know what the spearphishing ‘attack surface’ looks like: which key employees can be targeted and which information about those potential victims can be used by criminals? The DEFRAUDify ‘cyber threat monitoring dashboard’ collects this information and presents it to security officials of the company when needed. This is combined with information from the dark web that indicates whether the company is being discussed there. Advanced techniques like honeytokens, dark web crawlers and natural language processing are used to do this, developed by partners Almende, TU Eindhoven, CFLW Cyber Strategies and TNO. DEFRAUDify partner Web-IQ has included this solution in their portfolio, which has already raised considerable interest from their customers, especially the functionality that identifies dark web threat levels and trends. This has already been implemented a couple of times. They now know much more precisely what types of threats they need to anticipate.
Another area of internet-enabled fraud is criminal financial transfers. Cryptocurrencies are frequently used to collect ransomware payments, to evade taxes or to launder money. Lots of tools are already available to analyse cryptocurrency transactions, but some crucial points are missing. A special version of crypto transactions, known as ‘Layer 2’ or ‘Lightning network’ payments, evades normal analysis. Another crucial point is the interface between the ‘normal’ financial world and the crypto world: the Crypto Asset Service Providers (CASP). DEFRAUDify partners have created the CARE result: CASP Risk Estimation, whereby banks can easily assess how risky it is to accept transactions from crypto service providers. DEFRAUDify partner bunq (a fintech company) has defined the requirements for this solution, which is built upon results from partners NetSearch, CFLW Cyber Strategies and TNO. In their business, bunq is now much better able to assess risks for new customers who also use cryptocurrency transactions. The inherent explainability of the results is a distinguishing factor in the market. Partner BEIA will use the results to help the Romanian government fight tax evasion.
Besides the joint results outlined above, many more individual results were presented in the final review meeting on 18 September. The DEFRAUDify partners continue to exploit those results in the context of their product portfolio because the cyber world is constantly evolving. Any new tool that helps to detect or avoid cyber crime will create a reaction from the dark side: a new modus operandi, a new vulnerability, a new technology. So, while DEFRAUDify has taken an important step and the project is finished, the work continues.