HUMAN Blog

Detecting Account Fraud At Scale Gets Even Easier with HUMAN

Written by Alexander Gardner | July 17, 2024

We are pleased to announce that powerful new functionality designed to enhance detection and reporting of large-scale fraud is now available in HUMAN Account Protection and Account Defender. Current customers can log into the management console to start using the new capabilities.

What’s new?

This release introduces a new type of detection: the network event. This new detection excels at identifying and correlating large patterns of fraud in order to understand the big picture of incidents. There are three main ways in which it helps organizations protect their user accounts:

    • Scalability and Fraud Coverage: Cluster detection (detections based on a shared identifier, e.g. VID, device fingerprint, normalized email) is a common way HUMAN detects fake and compromised accounts. The new feature further improves our capability to identify large scale patterns of account abuse (clusters) and links these large scale detections where relevant
    • Correlation and Investigation: Network events make it easier for analysts to understand the ‘big picture’ even for complex attacks. Visualizations show exactly how different clusters are related—as well as the shared commonalities—so it’s easy for users to digest the information and take necessary actions
  • Faster Detection and Higher Frequency: Scans for network events now complete more frequently, speeding time to detection of large-scale fraud

In the screenshot below you can see that mass account takeover attacks were being used to spam and abuse the customer platform. The individual incidents and clustered detections were grouped into a network event that consisted of 1,926 unique user accounts. Across those accounts there were 68 VIDs, 3 countries, 19 ASNs, 38 email domains and a single device. You can also see the individual clusters that have been grouped together in order to understand the wider attack pattern and see it was coming from the same source. Analysts can drill down into specific flagged accounts to understand how and when each was impacted.

Responding to this sort of detection is easy. The new functionality incorporates drag and drop rule creation with multiple conditions and automated responses available, enabling organizations to customize responses according to their specific needs. For example, freezing accounts pending investigation or neutralizing them outright.

How do I get started?

Let’s run through a quick overview of how to start using this new functionality.

1) Rule creation

The first step is creating a rule for network events. Select ‘policies’ from the left hand column, then ‘policy rules’. Click the ‘create new rule’ button on the top-right of the screen and choose ‘network’ for either fake accounts or account takeover, then build the new rule according to your requirements and enable it.

In this example, we have defined a network event as when more than 1,500 accounts are involved in a detection and chosen to add the account IDs to a list that can be used for a blocking action. 

2) Rule criteria is met

When the new network event rule is triggered you will start to see network events in the dashboard.

Clicking on a network event will take you into the detection.

From here, you can review detections and the associated accounts as normal, but with the addition of further understanding the scale of an attack. Scrolling down, you will see the detailed activities list that gives granular insight into the actions associated with this network event.

Learn more

To learn more about Account Protection please visit the HUMAN website. For current customers that would like more information, please contact your account manager.