Why do they do what they do?
Fraudulent actors almost always do what they do with the end goal of getting money from victims somehow. Every now and then there might be a personal reason behind it, but almost always it has to do with money. Unfortunately, they abuse your company’s resources and threaten your customer base along the way.
What are they doing?
The obvious activity is using your infrastructure’s bandwidth for attacks, to send out malicious content, or just to send simple spam. They’re also compromising your servers if you offer hosting-type services. They’re attacking your subscribers, who may not be up to date on the latest security updates.
What you may not recognize, however, are the increase in support tickets and billing tickets, the increased infrastructure demand, the negative network reputation scores, and the negative impact on customers/subscribers who have neighboring IP space, all of which are associated with these fraudsters' activities.
An increase in chargebacks is also very common and should be a huge red flag indicating fraudulent actors on your network. A majority of the sign-ups will be with stolen credit cards or other forms of digital payment.
They’ll sign up when they know a payment won’t or can’t be processed immediately for some number of hours, such as on a holiday or a certain day of the week.
One technique that’s common is to set up multiple accounts and keep some of them dormant until the other active accounts are found and shut down. It’s the definition of playing whack-a-mole for an abuse department.
What attracts fraudulent actors?
The most common types of services that attract fraudsters are the ones that are discounted or low-priced. Even though they’re probably using stolen payment information, they do this to stay under the radar. It’s typical that there are fewer reviews on lower-priced services. Keep in mind that their end goal is to spend little to no money while maxing out your company’s resources.
They look for automated services that can be turned up very quickly.
They look for companies that are listed on blocklists and might not have the tools or resources to deal with abuse reports.
And something that might surprise you: they discuss which companies are the easiest targets in underground forums. Fraudulent actors will actually rotate between companies that they have been kicked off of. They share how they got caught and are always tweaking their techniques to make their unwelcome stay last longer.
How to deter them.
First things first, the heads of every department involved with customers or subscribers need to get together and, at the very minimum, share their team’s data regarding the negative issues they are seeing.
Some of those issues might be:
- Accounting/billing – chargebacks
- Support/abuse – increased tickets and network blocklisting
- Infrastructure/networking – higher bandwidth usage and speed degradation
Based on the information from these groups, you will start seeing trends and patterns. You’ll notice indicators you can start tagging as red flags or review points during sign-up. Even if a fraudster gets onboard, the other teams should now be better equipped to recognize these patterns and indicators.
Stopping fraudsters before they get through the door is the ultimate goal. There are several actions you can implement during the sign-up process, like hardware identification and information verification, to name a few.
Keep in mind that the challenge is not to make the sign-up process complicated and tedious, but to do your due diligence during this process.
- Identifying and excluding bad actors during sign-up
- Tagging high-risk accounts that should be monitored
- Quickly terminating bad actors, giving them a short life cycle
The biggest step you will take is establishing communication channels between teams. From there, you should have a better understanding of the behaviors of these fraudsters, and how to identify and stop them.
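As an added illustration (not part of the original article), the sketch below shows one way the data shared by billing, support and sign-up could be correlated to tag high-risk accounts, including dormant accounts that link back to ones already shut down. The field names, the device and payment fingerprints, and the ticket threshold are assumptions, and the records are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data; field names and values are assumptions for illustration.
SIGNUPS = [
    {"account": "a1", "device_id": "dev-1", "card_fp": "card-A", "status": "terminated"},
    {"account": "a2", "device_id": "dev-1", "card_fp": "card-B", "status": "dormant"},
    {"account": "a3", "device_id": "dev-2", "card_fp": "card-B", "status": "active"},
    {"account": "a4", "device_id": "dev-3", "card_fp": "card-C", "status": "active"},
    {"account": "a5", "device_id": "dev-4", "card_fp": "card-D", "status": "active"},
]
CHARGEBACKS = {"a5"}       # from accounting/billing
ABUSE_TICKETS = {"a5": 3}  # from support/abuse: ticket count per account

def find(parent, x):
    """Follow parent links to the representative account of x's cluster."""
    while parent[x] != x:
        x = parent[x]
    return x

def cluster_accounts(signups):
    """Group accounts that share a device ID or payment fingerprint, transitively."""
    parent = {s["account"]: s["account"] for s in signups}
    first_seen = {}  # (kind, value) -> first account that used it
    for s in signups:
        for key in (("device", s["device_id"]), ("card", s["card_fp"])):
            if key in first_seen:
                parent[find(parent, s["account"])] = find(parent, first_seen[key])
            else:
                first_seen[key] = s["account"]
    clusters = defaultdict(set)
    for acct in parent:
        clusters[find(parent, acct)].add(acct)
    return list(clusters.values())

def tag_high_risk(signups, chargebacks, abuse_tickets, ticket_threshold=2):
    """Return {account: [reasons]} for flagged accounts that are still live."""
    status = {s["account"]: s["status"] for s in signups}
    flags = defaultdict(list)
    for cluster in cluster_accounts(signups):
        bad = sorted(a for a in cluster if status[a] == "terminated" or a in chargebacks)
        for acct in sorted(a for a in cluster if status[a] != "terminated"):
            linked = [b for b in bad if b != acct]
            if linked:
                flags[acct].append("linked to " + ",".join(linked))
            if acct in chargebacks:
                flags[acct].append("chargeback")
            if abuse_tickets.get(acct, 0) >= ticket_threshold:
                flags[acct].append("abuse tickets")
    return dict(flags)
```

With the sample data, the dormant account a2 and the active account a3 are both tagged because they chain back to the terminated a1 through a shared device and a shared card fingerprint, while a4 stays clean.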