Attivo Networks Blogs

Fraudsters Have Always Used Deception. It’s a Key Tool for Cybersecurity, Too

bank innovation logo

Originally posted June 4, 2018

Wells Fargo has had a very public battle with fraud. Just last month, the bank agreed to pay $480 million to settle a lawsuit from investors accusing Well Fargo of securities fraud related to its fake-account scandal from 2011 to 2016 in which 2 million fake accounts were set up.

“We have alerting to try to prevent that type of fraud from happening but so often our customers get duped into thinking, ‘No this is real, the vendor did call me. This is their new account number.’ Only to find out later it was a fraudulent payment,” Secil Watson, Wells Fargo executive vice president and head of digital solutions, told Bank Innovation.

“Even if we stop fraudulent payments from going through, it’s still a big hassle for our customers. If no harm is done you still feel victimized, which is not a good emotion,” said Watson.

Fraud talent is rare — and in high demand.

Mounting threats make a sound cybersecurity defense vitally important. Financial institutions’ security along with fraud schemes have evolved. Fraud is at the forefront of banking execs minds’ — some 71% are focusing their digital investment on cybersecurity. There has been a shift to banks investing in early fraud detection technologies, but being able to act on alerts is key.

“If you want to outmaneuver the advisory you need to set traps within the network and set up a high-fidelity detection mechanism, and make it actionable,” said Carolyn Crandall, chief deception officer at Attivo Networks, a cybersecurity company.

Old systems relied on building a fence to keep fraudsters out. “These tools would raise alerts on anything is saw an anomalous, it would overwhelm the security team, “said Crandall, who acknowledges that 100% of attackers can’t be intercepted. Detection mechanisms that work by picking up on the way fraudsters move through a system will prevent alarm systems from sounding from authorized users.

“Coming up with a detection mechanism that will raise high fidelity alert — it’s about using deception tech that will lure the attacker. Only someone who is trying to run recognizance or trying to steal credentials will trip these alarms,” said Crandall.

Once a fraudster is in the network, limiting dwell time and reporting breaches to other institutions are steps to take to stop fraud sooner. Institutions can also set booby traps.

“In deception, you’re setting up a decoy,” said Crandall. “Even using fake data in the network, if you want to reset that synthetic network, it’s going to slow or derail the attack to where you can build your halls of confusion.”

Running a synthetic network for fraudsters to interact with is a safe way for banks to engage an attacker, and learn who is attacking, why, and what methods they’re using, according to Crandall.

Institutions rigging their systems to ensnare fraudsters is only part of what financial institutions can do to mitigate fraud…


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

12 + eighteen =

Ready to find out what’s lurking in your network?

Scroll to Top