Consumer or Fraudster: Balancing Fraud Losses and the Customer Experience

WEBINAR

Consumer or Fraudster: Balancing Fraud Losses and the Customer Experience

Person at laptop

As consumers, we rely on our digital identities more than ever. Our online behavior (like reusing passwords and downloading malicious attachments) puts us at risk of fraud, but things outside our control – including data breaches that expose our personal information – do the same. Fraudsters are the beneficiaries of our leaked personal data, exploring all avenues to impersonate us for their gain. 

As cybercriminals become more sophisticated with their tactics, enterprises with even the most robust fraud prevention programs will continue to have difficulty distinguishing legitimate consumers from cybercriminals.

So is your user a consumer or fraudster? A lack of confidence in the answer puts your bottom line in harm’s way, as synthetic identities, account takeover, and online fraud jeopardize your enterprise.

In this webinar, experts from SpyCloud & Aite-Novarica have a candid conversation about the latest trends in fraud and what organizations can do to protect themselves while balancing losses and the customer experience:

  • Direct insights into the latest fraud tactics and avenues
  • The scale and impact of leaked consumer PII that aids new account fraud and synthetic identity construction
  • Real-life examples from the front lines in the fight against fraud
  • Best practices on how organizations can level the playing field with fraudsters
  • Proactive approaches for negating rising fraud trends

View the Webinar

Presenter Information

Trace Fooshee, Aite-Novarica

Trace Fooshée, Strategic Advisor in Aite-Novarica’s Fraud & AML Practice

Trace Fooshée is a senior advisor in Aite-Novarica Group’s Fraud & AML practice, covering a variety of topics related to fraud and identity since April of 2019. Mr. Fooshée’s background includes more than four years of experience as a management consultant for EY and Deloitte and more than 11 years with SunTrust Bank where he served in a variety of roles but most recently as Head of Fraud Strategy.

Pattie Dillon – Anti-Fraud Product Manager, SpyCloud

Pattie Dillon’s passion for fraud prevention and risk mitigation began in 2002 at her firm Etalinc, LLC, where she pioneered the development and creation of a privacy-oriented online IDresponse age verification and identity verification SaaS platform. Her previous roles as President of Veratad Technologies and Director at Wolfe had her focused on reducing fraud and compliance risk and combating gift card fraud. These roles led her to work with Merchants and Law Enforcement to track criminal activity. Now at SpyCloud, Pattie is the Anti-Fraud Product Manager. Her focus is developing creative and innovative ways to fight fraud with SpyCloud’s leading-edge products and networking with others in an effort to build a safer internet through collaboration and knowledge sharing.

Pete Barker, SpyCloud

Pete Barker – Director of Fraud and Identity, SpyCloud

Pete has spent over 25 years in the fraud and investigations space most recently as the Director of Fraud and Identity for SpyCloud. Prior to SpyCloud, Pete held the position of Senior Manager of Digital Loss Prevention at Dick’s Sporting Goods where he put the ecommerce fraud department on the map when he and his team won the 2018 North American Fraud Awards. He has spoken at several MRC events either in person or virtually. He has a proven track record of achieving goals, implementing and managing strategies that drive profitability, lower costs and prevent fraud.

A few of our happy customers:

The SpyCloud Difference

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware-infected devices, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Combating Fraud from Stolen Cookies: Introducing SpyCloud Session Identity Protection

WEBINAR

Combating Fraud from Stolen Cookies

Introducing SpyCloud Session Identity Protection

Malware stealer logs showing the variety of information that can be siphoned from malware-infected devices.

Threat actors using stolen credentials often face the challenge of bypassing multi-factor authentication (MFA), device ID checks, and browser fingerprinting anti-fraud technologies. But in recent years, criminals have learned how to bypass these protections by relying on “anti-detect” browsers that can emulate a legitimate user’s trusted device and browser fingerprint. These tools are powered by a constant stream of malware infections that steal credentials, session cookies and other browser data – all available for sale on the criminal marketplaces.

We’re excited to introduce a new solution that expands our ability to help enterprises prevent fraud tied to malware: SpyCloud Session Identity Protection. It offers early warning of malware-infected consumers whose compromised web session cookies appear in botnet logs recaptured by SpyCloud, and are therefore at extreme risk of costly, difficult-to-detect fraud.

This webinar explains how:

  • Anti-detect browsers + malware data enable criminals to bypass existing fraud controls
  • Our new product flags consumers infected with malware sometimes well before their credentials on your site are even stolen
  • Early Session Identity Protection customers are reacting to SpyCloud’s alerts of their consumers’ compromised cookies

View the Webinar

A few of our happy customers:

The SpyCloud Difference

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware-infected devices, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.

The Fraudacity of Cybercriminals: How 15.5B Recaptured Data Assets Shine a Light on the Criminal Underground

WEBINAR

The Fraudacity of Cybercriminals

How 15.5B Recaptured Data Assets Shine a Light on the Criminal Underground

Criminal at computer lit by a flashlight, showing logging into another user's account

With the continued increase of individuals working, shopping, and socializing from home, we relied on digital identities more than ever in 2021. And more of that data became available to fraudsters as a result of increased breaches and malware campaigns last year.

Each year, SpyCloud summarizes the trends our team observes while recapturing data at scale from the criminal underground. In 2021, we recovered more than 15 billion assets including credentials and PII from data breaches, malware-infected device logs, and other covert sources.

The bad news: password reuse has only increased, and inexpensive malware tools have facilitated mass device infections – putting a ton of sensitive data in the hands of criminals. The good news: companies can use this recaptured data to proactively fight back and protect both their employees and consumers.

In this on-demand webinar, SpyCloud’s Vice President of Product Management, Chip Witt, breaks down our observations, including:

  • The scale of data that was stolen & circulated in 2021
  • What recaptured data reveals about online behavior and its impact on your employees and consumers
  • Why the password reuse rate is on the rise – but how it’s just one factor in elevated identity exposure
  • How data breaches and malware fuel account takeover, ransomware, and online fraud
  • Best practices to reduce fraud and improve cyber hygiene for individuals and companies

View the Webinar

The Fraudacity of Cybercriminals: How 15.5B Recaptured Data Assets Shine a Light on the Criminal Underground

A few of our happy customers:

The SpyCloud Difference

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware-infected devices, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.

Real or Synthetic? Introducing SpyCloud Identity Risk Engine

WEBINAR

Real or Synthetic? Introducing SpyCloud Identity Risk Engine

SpyCloud Identity Risk Engine - High Risk User

The surge in online activity in recent years has led to a corresponding explosion in online fraud, leaving even enterprises with strong fraud prevention programs struggling to confidently distinguish real consumers from cybercriminals. Until now, no existing anti-fraud solution on the market could provide visibility into the risk posed by the recency, severity, and scope of an individual user’s identity exposures on the criminal underground.

We’re excited to introduce SpyCloud Identity Risk Engine, a new anti-fraud solution that leverages our robust database of recaptured breach and malware-stolen data to help detect the risk of account takeover, identity fraud, and new account fraud. We protect organizations in real-time by correlating risk indicators to distinguish high risk from low risk consumers, allowing enterprises to tailor the customer journey appropriately and reduce fraud losses without adding friction.

In this webinar, SpyCloud’s Anti-Fraud Solutions Product Manager, Pattie Dillon, and Director of Fraud & Identity, Pete Barker, introduce SpyCloud’s newest offering, including a detailed look at how we’re turning recaptured data into a clear fraud signal that can improve the accuracy of fraud decisioning at scale.

Learn how Identity Risk Engine can complement your existing fraud control framework to help you:

  • Predict Fraud Tied to Malware: Identify consumers whose data has been harvested by malware, including browser fingerprints that enable criminals to impersonate them
  • Anticipate Account Takeover: Determine which customers are at highest risk of account takeover due to exposed credentials, bad password hygiene, and other key risk indicators
  • Detect Synthetic Identities: Detect anomalies within a customer’s information indicating that the identity is fake, stolen, or constructed using sensitive data available on the criminal underground

View the Webinar

A few of our happy customers:

The SpyCloud Difference

SpyCloud solutions are backed by the world’s most current and comprehensive repository of recaptured data from breaches, malware-infected devices, and other underground sources – with billions of exposed credentials and PII. It’s the same data that fraudsters use, but we make it actionable to prevent account takeover, ransomware attacks, and online fraud.

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.

All Criminals Want for the Holidays is You(r Data): An Inside Look at How Cybercriminals Profit Off the Holiday Season

WEBINAR

All Criminals Want for the Holidays is You(r Data)

An Inside Look at How Cybercriminals Profit Off the Holiday Season

Retailers aren’t the only ones gearing up for the holiday rush — cybercriminals are waiting to get in on the action. The days leading up to and inclusive of Black Friday and Cyber Monday have continuously shown spikes in cybercriminal activity with increases in stolen accounts, gift cards, and other fraudulent purchases and transactions.

But cybercriminals are doing more than gaining access to consumer accounts and making fraudulent transactions. They’re also infecting systems with malware and reselling the logs, creating new avenues for cybercrime.

In this on-demand webinar, SpyCloud researchers share an inside look at the shopping trends they uncovered while monitoring popular cybercriminal communities during the 2021 holiday season and what this means for enterprises who must protect their consumers – and their bottom lines.

Watch the webinar to learn:

  • What gift cards, credentials and other access criminals are buying on the dark web, including price and transaction volume
  • How 2021 trends compare to those of years past
  • How criminals are leveraging malware to impersonate legitimate consumer and evade fraud prevention measures 
  • What enterprises can do to protect themselves and their consumers from account takeover and other follow-on attacks

View the Webinar

All Criminals Want for the Holidays is You(r Data)

A few of our happy customers:

The SpyCloud Difference

SpyCloud offers the earliest possible detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or are for sale on the dark web and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done.

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time account takeover exposure details powered by SpyCloud data.

The Ransomware/Stolen Credentials Connection

WEBINAR

The Ransomware/Stolen Credentials Connection

ransomware-stolen-credentials-webinar

Ransomware attacks are on the rise, and no industry or company is off-limits. For criminals, it’s a short and clear path from obtaining a stolen account credential to penetrating a network and demanding millions in ransom. For victims, the result is massive business disruption, negative press, brand damage, and an expensive, time-consuming remediation process.

But ransomware only works if cybercriminals have access to your network. The majority of these attacks stem from stolen credentials, and taking back control starts with proactive measures to negate their value.

In this on-demand webinar, we break down the ransomware ecosystem, adversary groups’ latest tactics, and strategies to mitigate your risk and avoid paying millions to ransomware gangs.

You’ll learn:

  • How ransomware operators select their targets and work with other players in the ecosystem to efficiently exploit vulnerabilities
  • Common entry points to corporate networks and the order of operations for attacks, including where stolen credentials come into play
  • Necessary proactive defenses that reduce the risk of attacks while negating bad habits like password reuse

There’s no room for error when it comes to ransomware. This webinar demystifies these insidious attacks and shows you how to reduce your exposure.

Want more info? Check out our blog:
One for the Money, Two for the Show, $4.4M for the Ransomware Gang That Used AT0

With recovery costs averaging $1.85M, we took a deeper look at the crisis-level ransomware threat by analyzing some recent attacks that originated from stolen credentials.

Read more

View the Webinar

The Ransomware/Stolen Credentials Connection

Presenter Info

CW Walker – Manager, Solutions Architects

CW Walker started his career in government as a threat intelligence analyst. His passion is understanding the stories that can be told through collection and analysis of interesting data. He has lead teams of solutions engineers at multiple threat intelligence companies and currently supports SpyCloud’s technical GTM efforts.

A few of our happy customers:

The SpyCloud Difference

Stolen credentials – obtained through breaches and malware-infected devices – are a criminal’s all-access pass to your systems. So take them out of the equation. SpyCloud offers early detection and continuous visibility of exposed credentials and negates this threat vector immediately. The effort and cost of recovery from ransomware (not to mention the negative press attention) far outweigh the effort and cost associated with proactive prevention.

SpyCloud acts as a ransomware “early warning system” for hundreds of global enterprises, including half of the Fortune 10.

Laptop with SpyCloud

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Another [1.5] Bites the Dust: Key Learnings from 1.5B Stolen Credentials You Should Never Use Again

WEBINAR

Another [1.5] Bites the Dust: Key Learnings from 1.5B Stolen Credentials You Should Never Use Again

We all want to leave 2020 in the rearview mirror, but the effects will be with us for a long time. Our online behavior shifted dramatically, and we created a number of new accounts to manage our lives in a new reality. This vast growth in the attack surface didn’t go unnoticed in criminal circles, and the tactics they developed to perpetrate breaches and account takeover set the stage for what we’re already starting to see in 2021.

In this on-demand webinar, we break down the trends our researchers observed within cybercriminal communities over the last 12 months, including:

  • The scale of data that was stolen & circulated in 2020
  • What the data reveals about device sharing and the fuzzy boundaries between work and personal device usage
  • The top 100 reused passwords (that you should immediately add to your ‘banned password lists’!)
  • Why and how other companies’ data breaches become your company’s problem
  • Security repercussions of the sudden shift to remote working, learning, socializing, and shopping
2021 Annual Credential Exposure Report

Our 2021 report revealed that password reuse continues to be a serious problem, leaving enterprises and their customers vulnerable to account takeover.

Download the Report

Credential Exposure Alerts

Watch the Webinar

Another [1.5] Bites the Dust: Key Learnings from 1.5B Stolen Credentials You Should Never Use Again

Presenter Info

Chip Witt, Vice President of Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

A few of our happy customers:

The SpyCloud Difference

SpyCloud offers the earliest possible detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or are for sale on the dark web and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Everyone is a Target: The State of Account Takeover in the Telecommunications Industry

WEBINAR

Everyone is a Target: The State of Account Takeover in the Telecommunications Industry

targeted account takeover

For every telecom company in the Fortune 1000, there are 552,601 plaintext passwords of employees in the hands of criminals. The telecom industry is up against a wall: there is seemingly unlimited data from both employees and subscribers in the hands of criminals to exploit for profit.

It’s time to stop giving criminals easy targets due to poor password hygiene and common security habits that put individuals and organizations at risk.

In this half-hour webinar, we dive into:

  • The underestimated and misunderstood methods cybercriminals are using to take over accounts
  • The latest stolen credential statistics specific to the industry that underscore the scope of the problem
  • Recommendations for mitigating risk
Solution: Account Takeover Prevention

Protect your users from account takeover fraud.

Learn More

Zero Trust

Watch the Webinar

Everyone is a Target: The State of Account Takeover in the Telecommunications Industry

Presenter Info

Bob Lyle, SVP, Vertical Markets

With a background in the device security and IP licensing spaces, he leads SpyCloud’s efforts to engage with key market verticals, including telecommunications and e-commerce, to best serve enterprises and consumers globally and protect them from account takeover (ATO). In parallel, Bob is also the Chair of GSMA’s Device Security Group (DSG), which advises mobile network operators, mobile device OEMs, and mobile ISVs on device security, theft, malware and spyware protections and assists with industry recommendations and standards around device security matters.

Bob Lyle - SpyCloud

The SpyCloud Difference

SpyCloud offers the earliest possible detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or are for sale on the dark web and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

How the Holidays Affect Dark Web Cybercriminal Activity

WEBINAR

It’s a Deal, It’s a Steal: How the Holidays Affect Dark Web Cybercriminal Activity

It's a Deal, It's a Steal

It should be no surprise that cybercriminal activity spikes around the holidays. Low holiday prices and high online traffic provide criminals the perfect opportunity to blend in with legitimate shoppers to take over accounts, use stored payment information or stolen gift cards to make fraudulent purchases, and exploit Buy Online, Pick Up in Store (BOPIS) policies.

But what we saw during the month of November on dark web criminal marketplaces surprised us – huge spikes in the sales of crimeware tools, dating accounts, and stolen credentials for particular restaurants, airlines and other consumer services accounts.

Watch the on-demand webinar to see SpyCloud’s annual research into holiday shopping trends across criminal ecommerce platforms, including:

  • What criminals bought, what prices they paid, and what volume of illegal merchandise exchanged hands around Black Friday
  • Which industries and account types were the most popular with cybercriminals 
  • How 2020 trends compared to what we saw in 2019
  • What enterprises can do to protect themselves and their consumers from online fraud
Solution: Consumer ATO Prevention

Protect your users from account takeover fraud and unauthorized purchases.

Learn More

Watch the Webinar

It’s a Deal, It’s a Steal: How the Holidays Affect Dark Web Cybercriminal Activity

The SpyCloud Difference

SpyCloud offers the earliest possible detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach or are for sale on the dark web and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.

Surviving a Data Breach – On-Demand

WEBINAR

Surviving a Data Breach - On-Demand

Security Leaders Offer Real-World Advice for Stronger Breach Prevention and Response

Surviving a Data Breach - CISO CIO Panel

“We thought we were doing the right things, but it turns out we couldn’t keep up with evolving attacks.”

We recently hosted an in-depth discussion with two seasoned CxOs who have successfully led through worst case scenarios: breaches that exposed customer data. 

SpyCloud’s Chip Witt speaks with Harry D. Fox, former CIO of CareFirst BlueCross BlueShield, and Damian Taylor, former CISO of Landry’s, about the impact of recent breaches and how the companies responded and remediated. 

They share lessons learn on:

  • The nuances of responding to breaches stemming from phishing and malware
  • Communicating with boards of directors about recovery plans and findings
  • Handling media relations & notifying customers
  • Investing in new early-detection solutions to stay ahead of evolving threats
  • Making big strategic shifts in cybersecurity programs, policy changes, and company culture post-breach

It’s a rare peek into the aftermath of data breaches from the C-suite that’ll help you better prepare your own prevention and response plans.

About the CareFirst Breach
CareFirst is a health insurance provider serving more than 3 million individuals and groups in the Maryland and the Washington metropolitan area. Affecting 1.1M customers, the breach stemmed from a phishing incident with the same digital signature as the attackers who compromised Anthem. Learn more here.
About the Landry’s Breach

Landry’s 60 brands include seafood and steak restaurants like Morton’s and McCormick & Schmick’s, as well as Golden Nugget hotels and casinos. Of their 600 properties, 350 were affected by a malware attack designed to steal cardholder names, card numbers, expiration dates, and verification codes. Learn more here.

Watch the Webinar

Surviving a Data Breach

Panelists

Damian Taylor, Former CISO of Landry’s

Damian is a computer science and information security expert, a retired U.S. Naval Officer, and currently serves as the Senior IT Specialist for the United States Postal Service Office of the Inspector General. Prior his current role, he served as the Chief Information Security Officer for Landry’s, Inc. and Fertitta Entertainment (parent company of the Houston Rockets).

Damian’s information security career stretches back 20+ years as he’s served in multiple IT security roles throughout the Department of Defense with a focus on national security, information privacy, computer network defense, penetration testing, compliance, cybersecurity policy & strategy development.

Damian has a M.S. in Information Technology Management with a concentration in IT Security, CIO and CISO graduate certificates from National Defense University and a graduate certificate in Advanced Computer Security from Stanford University. He has taught IT Security courses as an adjunct professor and spoken at multiple IT Security focused events.

Damian Taylor

Harry D. Fox, Former CIO of CareFirst

Harry Fox is currently a Principal at Oak Advisor’s Group, a strategic advisory firm focusing on the intersection of information technology and healthcare.

Harry was the Executive Vice President, Chief Information Officer and Shared Services Executive at CareFirst Blue Cross Blue Shield from 2011 to mid-2018. CareFirst is a $9.0 billion not-for-profit health care company offering a comprehensive portfolio of health insurance products and administrative services to 3.2 million individuals and groups in Maryland, the District of Columbia, and Northern Virginia. Harry was the most senior out executive at CareFirst and was the Executive Sponsor for ProPride, CareFirst’s LGBTQ Associate Resource Group. 

Harry has also held senior-level positions at Kaiser Permanente, Coventry Health Care (now Aetna), and PricewaterhouseCoopers, and serves on the boards of multiple private equity-backed companies and not-for-profit organizations.

Harry is a graduate of the Wharton School, where he received an M.B.A. in finance.

Harry D. Fox

Moderator

Chip Witt, Vice President of Product Management

Chip Witt has nearly twenty years of diverse technology experience, including product management and operations leadership roles at Hewlett Packard Enterprise, Webroot, VMware, Alcatel, and Appthority. He is currently the VP of Product Management at SpyCloud, where he drives the company’s product vision and roadmap. Chip works closely with field intelligence teams specializing in OSINT and HUMINT tradecraft, actor attribution and underground monitoring.

The SpyCloud Difference

SpyCloud provides early detection of potentially compromised accounts – those using credentials that have appeared in a third-party breach and are therefore at risk of account takeover. And we automate the remediation of exposed passwords, enabling enterprises to lock down accounts quickly, before damage is done. 

Our goal is to help organizations to protect themselves from criminal activity and disrupt criminals’ ability to profit from stolen data.

Related Resources

Check Your Exposure

See your real-time breach exposure details powered by SpyCloud data.