This particular fraud attempt was caught by the FraudDESK team at Guardian Analytics, and shows the impact that suspicious or failed login patterns can have on fraudulent activity.
The initial incident occurred with a business account customer, which had consistent behavior from the login details including the same IP geolocation to days and times of the week. However, there was one login pattern that deemed suspicious. This suspicious login pattern included the following: a new IP geolocation, initial failed login attempts and an unusual timeline between sessions.
What transpired from these failed login attempts and unusual session timelines was a halted fraud attack that prevented over $518,000 in ACH losses and $10,000 in wire losses.
In drilling into more of the details, we learned the victim had received a phishing email that was masked to look like a legitimate email from a bank. Upon clicking on the link within the email, she infected her PC with a virus that would later gain access to the business account’s bank account.
Not long after the FraudDESK team identified the suspicious login pattern as mentioned above, another high-risk alert came in with an uncharacteristically large ACH batch (1021 items). Additionally, new items were detected within the ACH batch and a free form wire also included. The IP geolocation was consistent with the customers’ normal behavior pattern, which alerted the fraud analyst to take immediate action and escalate the incident, which stopped any money from leaving the bank.
The ability to visually see behavioral patterns within the Guardian Analytics solutions offers greater insight into normal session patterns and calls out the anomalies that may indicate fraudulent activity. While a failed login attempt may not seem like a major trigger into suspicious activity, it certainly should not be ignored.