How behavioral biometrics can stop social engineering and malware scams in their tracks

As more and more human interactions take place virtually, behavioral biometrics have gained popularity as a frictionless way to verify users online. A behavioral biometrics solution examines a user’s actions (for example, how they type) as well as their habits (for example, the time of day they usually log in) to verify their identity without prompting the user to enter a password or take other actions.

Behavioral biometrics solutions are known to detect bots pretending to be humans and to flag scammers who have stolen someone else’s online account. But their uses go far beyond that. Flexible and versatile, behavioral biometrics can also counter many other types of human fraud, that is, attacks involving humans or mimicking human behavior.

Calling a Timeout on Coaching Scams

Suppose you get a frantic call from your aunt, Rose. She tells you that she was contacted by IRS collectors and owes them money. While on the phone with her, the “IRS” explained to Aunt Rose how to pay, prompting her to log into her bank account and wire money to them, which she did. Aunt Rose just got ripped off – or more accurately, coached.

Also known as coercion or social engineering with user interaction, coaching involves scammers contacting users like Aunt Rose and convincing them to take actions on behalf of the scammer. The users are then coached by the fraudsters to make a money transfer to a new beneficiary (i.e. the bad actor).

Traditional fraud solutions often fail to detect coaching because the legitimate user is still the person logging in. The user’s geolocation, IP address, and device will look familiar in most cases. But there are a few telltale signs that biometrics and behavioral analysis can use to reveal it as human fraud.

For example, if a user types in information they don’t know, like a bank account number read to them over the phone, they’re likely typing slower than usual. They may also have a higher number of corrections and a larger typing gap, indicating that they are entering characters in small groups rather than typing fluently.

To spot a coaching scam, behavioral biometrics will also look at contextual and behavioral clues:

The context:

    • Destination information is different (for example, there is an unknown recipient or delivery address)
    • User has an unusually high payout or number of purchased items

The behavior:

    • User hesitates when logging in or submitting a form
    • It is an unusual time of day for user to log in based on account history

If Aunt Rose’s bank uses a fraud detection service with behavioral biometrics, it will automatically determine that Aunt Rose is acting differently. The transaction can then be flagged as a potential social engineering attack and blocked. As a fraud alert pops up on Aunt Rose’s cell phone confirming the bank transfer hasn’t been completed, you both can breathe a sigh of relief.

Stop remote access malware scams

The attackers who targeted your Aunt Rose needed to talk to her to complete their scam. But bad actors can easily take control of your account or even your entire computer without ever picking up the phone.

By using malware to exploit software vulnerabilities in browsers, third-party software, and operating systems, crooks can gain access to your device, its information, and its resources. From there, they can impersonate you on any of your accounts, especially if your passwords are saved on that device.

A typical malware scenario might look like this: You receive an email from a friend asking you to click on a link they sent. But what you don’t know is bad actors scammed your friend before, and now your laptop is infected with their malware as well. You might be logged into your laptop, but in the background someone else is controlling it from another device. They have now accessed your email account and can start sending scam emails on your behalf.

Also known as a remote access scam or Remote Access Trojan (RAT), this type of malware can be difficult to prevent. Much like coaching, traditional fraud solutions often fail to detect malware because the information (geolocation, IP address, and device) looks familiar, so they assume that this is the legitimate user. The account may also be already logged in when the attack occurs, or the user’s credentials may be saved automatically on their device, further complicating matters. But biometrics and behavioral analytics can identify remote access scams based on a few factors:

The context:

    • New recipients or delivery addresses are added to the account
    • There is a lack of history established with destination accounts
    • Abnormally high spending or money movements

The behavior:

    • Familiarity with destination data (e.g. user copies and pastes information instead of typing it)
    • The behaviors do not correspond to the existing profile of the correct user (for example, the input patterns are different from normal)
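The typing signals described above for coaching (slow entry, many corrections, characters arriving in small groups) and for remote access (destination data pasted rather than typed) can be computed from field-level input events. The sketch below is an added example, not NuData's code; the event format, baseline values, thresholds and all names are assumptions, and the three sessions are constructed.

```python
from statistics import median

# Hypothetical per-user baseline from earlier sessions (constructed values).
BASELINE = {"median_gap_ms": 180, "corrections_per_100": 3.0}

def typed(text, gap_ms, start=0):
    """Build constructed key events; '<' stands for a Backspace press."""
    return [(start + i * gap_ms, "key", "Backspace" if c == "<" else c)
            for i, c in enumerate(text)]

def features(events, pause_ms=1200):
    """events: (t_ms, kind, value) tuples, kind is 'key' or 'paste'."""
    keys = [(t, v) for t, kind, v in events if kind == "key"]
    gaps = [b[0] - a[0] for a, b in zip(keys, keys[1:])]
    fixes = sum(v == "Backspace" for _, v in keys)
    chars = len(keys) - fixes
    pasted = sum(len(v) for _, kind, v in events if kind == "paste")
    pauses = sum(g > pause_ms for g in gaps)  # long pauses split typing into groups
    return {"median_gap_ms": median(gaps) if gaps else 0,
            "corrections_per_100": 100 * fixes / max(chars, 1),
            "long_pauses": pauses,
            "avg_burst": len(keys) / (pauses + 1),
            "paste_ratio": pasted / max(pasted + chars, 1)}

def assess(events, new_recipient, base=BASELINE):
    """Return (verdict, signals); thresholds are illustrative assumptions."""
    f, s = features(events), []
    if f["median_gap_ms"] > 2 * base["median_gap_ms"]:
        s.append("slow_typing")
    if f["corrections_per_100"] > 3 * base["corrections_per_100"]:
        s.append("many_corrections")
    if f["long_pauses"] >= 2 and f["avg_burst"] <= 6:
        s.append("chunked_entry")
    if f["paste_ratio"] > 0.8:
        s.append("pasted_destination")
    if new_recipient and len(s) >= 2 and "pasted_destination" not in s:
        return "coaching_suspected", s
    if new_recipient and "pasted_destination" in s:
        return "remote_access_suspected", s
    return "no_behavioral_flag", s

# Constructed sessions filling in a 14-digit destination account number.
COACHED = (typed("1234", 420) + typed("57<6", 420, 4000)
           + typed("89<<90", 420, 8500) + typed("12", 420, 14000))
PASTED = [(0, "paste", "12345678901234")]
FLUENT = typed("12345678901234", 170)
if __name__ == "__main__":
    for name, ev in [("coached", COACHED), ("pasted", PASTED), ("fluent", FLUENT)]:
        print(name, assess(ev, new_recipient=True))
```

Behavioral signals only raise a verdict here when the contextual signal (a new recipient) is also present, mirroring the context-plus-behavior split in the lists above.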

So if someone has accessed your email account through malware, the way they behave on your account will be different from how you normally behave, whether it is a suspicious number of emails sent at one time or an unusual typing rate.

If your email provider uses behavioral biometrics, it will immediately trigger an alarm. Your email provider could then disconnect the compromised device from your account and require two-factor authentication to get back into it, which will take care of the scammer, as long as they haven’t also gained access to your smartphone.

Don’t be a victim of human fraud

Scams like coaching and remote access malware can be terrifying and stressful for users, especially when their money or online identity is at stake. But the next time Aunt Rose gets a call from the “IRS”, don’t panic. With behavioral biometrics, we can often detect these sneaky human fraud attacks before the damage is irreversible.

The article How Behavioral Biometrics Can Stop Social Engineering and Malware Scams first appeared on NuData Security.

*** This is a syndicated Security Bloggers Network blog from NuData Security written by Tiffany Mark. Read the original post at:
