In this edition:

• Entering the golden age of location intelligence
• FaaS of the Month: Botnets  

Entering the golden age of location intelligence

By André Ferraz, CEO and Co-Founder at Incognia

Location intelligence is picking up speed as a key player in the fight against fraud.

Don’t take my word for it:

Gartner recently recognized location intelligence as a dedicated fraud prevention category.

Datos Insights just named Incognia’s Location Fingerprint solution the Best Digital Identity Verification Innovation of 2023.

But it’s not just analysts: Big players in the industry are recognizing this too.

Our team recently talked with two industry giants, a large delivery company and a very large media company.

Both companies now have a location intelligence team that’s involved in fighting fraud. This is a new trend, not something we’ve seen in the past.

Location intelligence is on the map, and it’s only getting bigger from here.

Here’s what I think will happen with this trend in the next 12 months:

The idea of integrating location and device fingerprinting will continue gaining traction for one simple reason:

Both regular users and fraudsters will always have to access online services through a device, from a location in the physical world.

This means that mapping the device and its location behavior is critical for establishing trust during digital transactions.

Companies will take a closer look at their device fingerprinting vendors. They’ll start asking some tough questions:

Does your device ID persist after a factory reset? Can you detect associations between devices?

Companies are realizing that their device fingerprinting solution isn’t up to snuff. It’s not the type of solution you can just set and forget. It has to be continuously upgraded over time.

And if it isn’t, fraudsters will find those holes (they always do) and you won’t even notice that they’re exploiting your platform.

In the next 12 months, many companies will start realizing how much location fingerprinting can contribute to solving the device recognition problem that’s rampant today.

Has your company acknowledged that yet?

To learn more about how location fingerprinting helps you fight fraud, check out my recent article for Built In.

FaaS of the Month: Botnets

Fraud-as-a-Service: When cybercriminals sell their tools, services, and skills to help clients carry out fraud. Each month we highlight a FaaS tool that you should be aware of. 

Source: gbhackers.com

Fast facts about botnets:

• Botnets can be used to commit DDoS attacks, and any individual computer on the botnet can also be used as a puppet for other kinds of attacks, such as delivering viruses or sending other malicious traffic.
• Infected computers, often called “zombies,” can execute commands in the background without their owners’ knowledge.
• Botnets-for-hire often come with user interfaces such as dashboards and graphic front ends that make them more user-friendly for customers.
  

Deep dive on botnets:

Today’s Internet is an Internet of Things (IoT), and many of those ‘Things’, from wearable watches to security cameras to smart appliances, have a dangerous combination: an ability to make web traffic requests and poor security hygiene.

With the right software, bad actors can exploit vulnerabilities in both normal computers and IoT devices to turn them into an army of puppet machines known as a botnet. 

So, what can someone do with a botnet-for-hire? For as little as $20, they could use it to commit a distributed-denial-of-service (DDoS) attack against a website of their choice, knocking it offline until the attack stops or the website employs DDoS protection. For more money than that, they can even be used to conduct ransomware attacks, such as with the Qakbot botnet recently dismantled by the FBI. 

An affected computer, sometimes called a “zombie,” can also be used to carry out different kinds of attacks without the owner’s knowledge. Using botted computers in this way grants a layer of anonymity to attackers and expands their reach. 

One example of an attack a zombie computer can carry out is a chatbot phishing scheme. Threat actors can target followers of banks and other financial institutions by pretending to represent these institutions and messaging customers as though they’re seeking customer service feedback. 

After a while, and after gaining the consumer’s trust, the bot then asks the user about a “suspicious charge,” which of course never happened. When the consumer says the charge wasn’t theirs, they’re directed to a phishing link disguised as a way to secure their account or asked to share a one-time-password (OTP), compromising their account.  

Botnets for hire can give fraudsters a broader net to cast for not much extra money—and what’s a good deal for fraudsters can spell bad news for consumers and fraud fighters. Automated bot detection and multiple authentication factors can help protect users and websites from these types of attacks.

Other links you should check out:

Location intelligence

Emerging Tech Impact Radar: Online Fraud Detection and Prevention | Gartner

Incognia's Location Fingerprint: Best Digital Identity Verification Innovation | Datos Insights 

Botnets

Feds take down a botnet responsible for ransomware attacks | CBS

PEACHPIT Botnet Threat Exposes Android and iOS Users to Ad Fraud | Spiceworks

What did you think of this newsletter?

Incognia, a digital identity company, detects fake account creation and account takeover attempts for gig economy, marketplace, and financial technology applications. Benefits of using Incognia’s location-based digital identity include reduced false positives and a low friction user experience.