Topics Types of Bank Fraud 12 Most Common Types of Bank Fraud Account Takeover (ATO) Fraud Advance Fee Fraud Check Fraud ACH Fraud Real-time Payment Fraud First-Party Fraud Wire Fraud Zelle Fraud Types of Card Fraud Credit Card Fraud Debit Card Fraud Lost or Stolen Card Fraud Card Skimming Card Cloning Chargeback Fraud Card Not Present (CNP) Fraud Fraud Defenses Anti-Money Laundering (AML) Behavioral Biometrics Crowdsourced Abuse Reporting Device Fingerprinting Real-time monitoring Email Reputation Service IP Reputation Service SR 11-7 Compliance Supervised Machine Learning Suspicious Activity Reports (SARs) Tokenization Transaction Monitoring Two-Factor Authentication (2FA) Unsupervised Machine Learning Fraud Tactics Bot Attacks Call Center Scams Credential Stuffing Data Breaches Deepfakes Device Emulators GPS Spoofing Money Mule Scams P2P VPN Networks Phishing Attacks SIM Swap Fraud URL Shortener Spam Web Scraping Fraud Tech Anomaly Detection Device Intelligence Feature Engineering Generative AI Identity (ID) Graphing Network Analysis Natural Language Processing Fraud Types Application Fraud Transaction Fraud Payment Fraud Pump and Dump Scams Bust-Out Fraud Buyer-Seller Collusion Content Abuse Cryptocurrency Investment Scams Money Laundering Loan Stacking Romance Scams Rug Pull Scams SIM Swapping Synthetic Identity Theft Cryptocurrency Scams Pig Butchering Scams Email Reputation Service What is an Email Reputation Service? An email reputation service typically provides a risk score for an email address. The risk score is based on attributes such as the age of the email address, email frequency, and domain. Some email reputation services also validate identities using email-based information such as name, email address, IP address, and geolocation. Most email reputation services provide an API that organizations can use to integrate email risk scores with their existing fraud models. An email risk score can be used along with other attributes to assess the risk of a transaction. What Should Organizations Know About Email Reputation Services? Email reputation services rely on attributes related to an email address. And fraudsters constantly find ways to use email addresses and email domains so that they look like authentic, reputable users. While in the past, email reputation services were a reliable means of assessing the risk of an email address, that is no longer the case- fraudsters have figured out how to circumvent email risk scores. The ability to detect a fraudulent email address and analyze shared attributes across all transactions is critical for successfully managing transaction risk and preventing fraud. Email reputation services reference blacklists along with email metadata to assign a reputation score to an email address. Many fraudsters have email addresses and domains that are included on multiple blacklists, so they use throwaway email domains to bypass blacklists. A throwaway email domain is a temporary, disposable email address that expires in a short period. Disposable emails are created and used by fraudsters so quickly that few blacklists can keep up. And fraudsters make these disposable email addresses look authentic by adding custom domains. Fraudsters use custom domains primarily for email spoofing, creating email messages with a falsified sender address. There are legitimate reasons why businesses and individuals would want a temporary email domain or a custom domain. Some consumers want to ensure their privacy. For example, if a well-known tech executive wants to avoid marketers, they might set up a temporary email domain. And a new business would need a new custom domain to send business emails. If a platform uses an email reputation service that starts to crack down on throwaway email domains and custom domains, it will likely lead to a higher number of false positives. More false positives would mean that more legitimate customers would encounter friction and have negative user experiences. Contextual detection is critical when it comes to fraud detection. Data must be assessed with the benefit of context in order to understand what is and isn’t fraudulent. Prevent Email Spam and Fraud with DataVisor With all the cutting-edge technology currently available to modern fraudsters, it has become altogether too easy to impersonate legitimacy of virtually any kind. Fraudulent emails that seem perfectly authentic, sent from email addresses that appear totally normal, send us to fake websites that look 100% legitimate, where we enter our credentials into form fields that raise no suspicions whatsoever. This is just one example of activities that take place across the web every day, and even as technologies continue to advance, comparatively “traditional” techniques like phishing continue to simultaneously wreak havoc. Dealing with these issues on an incident-by-incident basis is a recipe for failure. The only solution that works is to address the problem holistically, relying on comprehensive data analysis performed at big data scale, and deploying proactive detection and prevention strategies that can track and identify the fraudster behind the fraud. Additional References Webinar: DataVisor Webinar – Dumb & Dumber vs. Oceans 11 The Sophistication Spectrum of Fraud Solution: Transactional Risk Detection Source: What Are Email Blacklists and How to Avoid Them, SendGrid Source: Email spoofing, Malwarebytes