Remote Access Attacks

Remote access attacks are a method used by fraudsters to gain access to a victim’s device. This can be done directly through a scam, where a fraudster convinces a victim to download a remote access tool (RAT) that allows them to take control of the device. It can also be done indirectly, where a victim unknowingly downloads malware after visiting a malicious website or
downloading a fake app.

Problem overview

Legacy fraud prevention controls have limited or no ability to detect remote access attacks. When a RAT is present on a user’s device, the bank’s systems detect a genuine device fingerprint, with no traces of proxy, code injections, or malware, and with the proper IP and geo-location. When used in a social engineering scam, the same is true as it’s the legitimate user being guided by a fraudster to conduct a transaction.

Behavioral biometrics intelligence identifies patterns that indicate whether a session is being initiated by a human or remote access. Behaviors such as mouse movements, keyboard interaction, device movements, and swipe patterns are used to detect active remote access in a session. For example, mouse movements from a human will appear with curves, shakes and imprecise movements. Mouse interaction when a RAT is enabled will appear as near-perfect straight lines due to latency caused by the remote connection and show a high concentration of movement on a specific area of a page.

The hidden facts of remote access attacks

85 %

Percentage of victims of remote access attacks that are over 60

25 %

Percentage of victims who show signs of remote access four weeks or more before an actual fraud attempt

17

Average number of minutes it takes to submit a payment in a banking session with remote access

Winning the RAT Race: How Banks Can Get Ahead of Remote Access Attacks and Account Takeover

While the use of Remote Access Tools (RATs) in the perpetration of financial crime is not a new threat, they continue to pose significant challenges to Fraud Fighters. Access the white paper to learn about the common and emerging fraud methods that leverage RATs, where legacy fraud controls are falling short, and how Behavioral Biometrics intelligence can provide the additional visibility banks need to prevent these attacks.

Additional account takeover
use cases

Credential stuffing

Most organizations have bot mitigation controls in place to detect credential stuffing and other automated attacks. To circumvent these controls, fraudsters have started to abuse legitimate open banking platform providers to test batches of credentials and reverted to testing smaller, more frequent batches instead of testing at scale.

Phishing site detection

Over 90% of all cyber attacks start with some form of phishing via email, text message, or phone call. While phishing attempts used to be easy to spot due to multiple spelling errors and poor grammar, fraudsters now have access to AI tools such as ChatGPT to help them craft well-written messages capable of tricking even the savviest users.

SIM swapping

Financial fraud involving SIM swapping is growing in several regions around the world. Not all cases of stolen device fraud require a SIM swap. In these cases, often carried out by highly organized criminal gangs, fraudsters use password engineering to unlock the device.

Solutions

Solutions by Role

BioCatch Connect

Frameworks

Resources

Company