Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?



The Advantages of Threat Intelligence for Combating Fraud

It’s important to be familiar with multiple types of fraud that could affect your organization

It’s important to be familiar with multiple types of fraud that could affect your organization

Leveraging threat intelligence to combat nation state espionage threats is a common practice for cybersecurity teams. However, outside of common types of fraud seen in darkweb or closed forums, the same threat intelligence often is not leveraged to combat enterprise fraud. 

If you are a target of APT threats by espionage actors, buying access to known behaviors and TTPs used by APT groups is helpful to build detection models. For instance, the foothold, lateral movement, privilege escalation, and exfiltration techniques are generally repeatable across Windows and Linux corporate and production systems. Security teams build threat alerts and threat hunting models on the TTPs that are likely to target their organizations.  

There is no universal type of fraud, and no “one size fits all” way to fight fraud. It’s important to be familiar with multiple types of fraud that could affect your organization in order to build customized defenses that pertain to loss and brand degradation.  

12 Common Types of Fraud in Enterprise:

1. Online Shopping Fraud: Involves setting up fake online shopping portals to cheat people of their money. 

2. Chargeback Fraud: Consumers fraudulently attempt to secure a refund using chargeback processes. 

3. SIM Swap Scam: Account takeover fraud targeting weaknesses in two-factor authentication where the second factor is a call or text message to a mobile device. This allows interception of one time passcodes to gain access to victims’ accounts so fraudsters can transfer funds.

4. Identity Theft Account Takeover: Personal information is stolen through account takeover by modifying PII, adding authorized users, and changing passwords. It is used to carry out unauthorized transactions. Synthetic identity theft combines real and fake information to create a new identity. 

5. Phishing and Spoofing: The use of email, online messaging, fake websites, and social engineering to dupe victims into sharing personal data, login credentials, and financial details. 

6. Ghost Employee Scam: The scams use fraudulent PII to apply for IT, programming, database, and software jobs. These positions have access to sensitive customer or employee data implying the imposters could steal sensitive information and cash a fraudulent paycheck. 

7. Credential Stuffing: Credentials are obtained from a data breach on one service and used to attempt to log in to another service. This includes data being stolen from users and organizations and being resold on the darkweb or closed forums. 

8. Business Email Compromise (BEC): This is a sophisticated form of attack targeting businesses that frequently make wire payments. It compromises legitimate email accounts through social engineering techniques to submit unauthorized payments.

9. Rewards Point Fraud: Fraudsters call credit cardholders claiming to be from their credit card company. They offer to help redeem cardholder’s accumulated points and request the card details along with OTP. Then, fraudsters carry out transactions using these details.

10. Social Media Fraud: This includes bulk fake account creation, token abuse using OAuth access, and hacked accounts of friends who send links asking for money.

11. Credit Card Fraud: Hackers fraudulently acquire people’s credit or debit card details in an attempt to steal money or make purchases. Skimming and bust-out are common types of credit card fraud.

12. Tech Support Fake Virus Warning Scams: The consumer receives a warning indicating their computer is infected. The scammer then prompts the user to download an application, takes control of the computer, downloads an actual virus, and tells the consumer they need to fix the problem for a fee.

Overlapping Capabilities in Threat Intelligence to Detect and Combat Fraud

While solutions exist for prevention, most solutions focus on one or a few types of fraud. Fraud happens at such an unprecedented scale that utilizing law enforcement to disrupt bad actors is a hard value proposition. Organizations and individuals simply need to make themselves a harder target so the fraudsters move on. 

There is no silver bullet for fraud detection. However, the following capabilities will allow organizations to detect fraud regardless of the techniques and methods used. 

1. Gather comprehensive and demonstrated collection coverage against darkweb, closed forum, social media, and open source websites for your organization’s PII. It’s critical for these coverage areas to be in alignment with the most substantial monetary losses to the business. 

2. Use Threat actor engagement to understand TTPs and make stronger requirements on application architecture, processes, and controls. Employing the right linguists is key to identifying critical slang terminology.

3. Test the tools fraudsters create to exploit enterprise platforms and employees.

4. Employ threat intelligence analysts who can use obfuscated payments to buy on closed forums on an organization’s or individual’s behalf. 

5. Conduct discreet investigations in coordination with general counsel, human resources, IT, and engineering.

Organizations need to be able to go outside the firewall to gather as much threat actor information as possible to build robust internal defenses against fraud. Further, security and fraud teams need to align with other business stakeholders, and often with each other, to determine additional disruption outcomes that culminate with assigning dollar value loss to these outcomes. 

Written By

Landon Winkelvoss is Co-founder and VP of Security Strategy at Nisos.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...