How to Prevent Cryptocurrency Account Takeover

Last Updated: February 07, 2023 by Tamas Kadar
Fraudsters are just as tech-savvy as they are lazy. How can they multiply attacks to target your business? Through the use of bots.
Thankfully, bot detection is easier than you might first think.
Bot detection is any process designed to identify the presence of bot traffic on a website, server, network, etc. It is made to detect individual bots and scripts, as well as botnets comprised of several bots, which can be in the thousands. The idea is to be able to tell human traffic from bot traffic.
In general terms, you may want to block your average bot. But not all bots are malicious: there are also useful bots out there that you will certainly want to allow, such as Google’s spiders, which index web pages.
In the context of fraud detection, bot traffic always has a negative connotation, as fraudsters will attempt to use bots in order to automate and scale their attempts against a business or organization.
As a business, your goal is to ensure web traffic comes from legitimate users, so you’ll want to detect bots and block their access to all or certain parts of your infrastructure. This is because fraudsters rely on bots to automate actions such as taking over user accounts, making payments with stolen credit cards, or digital onboarding with fake identity details.
To make matters worse, bot attacks are on the rise globally. Cybersecurity firm Spamhaus identified a 23% increase in botnet traffic in Q4 2021 compared with the previous quarter.
Here is a map of where this automated traffic comes from:
When it comes to the detection of basic bots, adding a few rudimentary technical hurdles will work. For instance, CAPTCHA is known to reduce bot-driven form submissions by 88%.
Things get more challenging when you deal with bots designed to replicate human behavior.
Referral fraudsters, for instance, utilize sophisticated automation designed to trigger affiliate rewards.
This is an example of what this kind of bot can do:
As you can imagine, complex sequences of events are harder to detect than simple fraud attacks – especially if they’re designed to pass as human.
That is, of course, unless you have the right bot detection tool at your disposal.
Bot detection techniques commonly in use to find and stop bot traffic include flagging suspicious tools that enable bots, as well as privacy-focused browsers and other known software and apps. There is, of course, much more:
At SEON, we understand that bot detection only works if you have enough data at your disposal.
This is how we break it down on our platform.
The first step is to learn more about our “user”. We can start with easily obtainable information, such as their IP address.
We can already get some interesting information. Here, the user seems to be connecting using a VPN and datacenter proxy.
While this is not enough to be marked as a bot, we can wonder why they would need to hide their connection details, flagging a potential risk to fraud and risk managers.
Let’s now dive deeper into how the user is connecting to your site. Are they spoofing their device information? Are they using an emulator?
Automatically creating a device hash is particularly useful. It helps us identify each device seen on a site, based on information such as:
Why is this important? It will come in handy when we look at the user’s online behavior, via velocity rules.
Velocity rules, or velocity checks, allow you to monitor user actions over time. It’s the closest thing you have to understanding behavior through data.
Here’s an example that could be relevant to us in the context of bot detection. Let’s say we are an online store selling high-end electronics, and this happens:
Once again, we could give them the benefit of the doubt. It’s possible that they had previously abandoned checkout and knew exactly which product they wanted. It’s also possible that they accidentally auto-filled two wrong card numbers before finding the right one.
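A velocity rule of the kind described above, written as an added example (it is not SEON's code). It counts distinct cards tried per device hash inside a sliding window, so a bot that rotates accounts on one device is still caught. The event fields, the 10-minute window, the threshold and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600     # assumed look-back window (10 minutes)
MAX_DISTINCT_CARDS = 2   # assumed threshold: more distinct cards than this is flagged

# Constructed sample events: (unix_ts, device_hash, account, card_fingerprint)
EVENTS = [
    (1000, "dev-a", "alice", "card-1"),
    (1030, "dev-b", "bot01", "card-7"),
    (1060, "dev-b", "bot02", "card-8"),   # new account, same device
    (1090, "dev-b", "bot03", "card-9"),
    (1500, "dev-a", "alice", "card-1"),   # same card retried: not suspicious
    (5000, "dev-c", "carol", "card-2"),
    (5900, "dev-c", "carol", "card-3"),   # second card, but 15 minutes later
]

def velocity_alerts(events, window=WINDOW_SECONDS, limit=MAX_DISTINCT_CARDS):
    """Return {device_hash: timestamp at which the device first exceeded
    `limit` distinct cards within `window` seconds}."""
    recent = defaultdict(deque)          # device_hash -> deque of (ts, card)
    alerts = {}
    for ts, device, _account, card in sorted(events):
        q = recent[device]
        q.append((ts, card))
        # Drop events that have aged out of the sliding window.
        while q and q[0][0] <= ts - window:
            q.popleft()
        distinct_cards = {c for _, c in q}
        if len(distinct_cards) > limit and device not in alerts:
            alerts[device] = ts
    return alerts

if __name__ == "__main__":
    for device, ts in velocity_alerts(EVENTS).items():
        print(f"device {device} exceeded card velocity at t={ts}")
```

Keying the counter on the account instead of the device hash would miss `dev-b` entirely, because each account there only ever tries one card.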
So what we get here is an idea of who could be a suspicious user. But the picture becomes much clearer when you take all of the above into account and start looking at connections between suspicious users.
The thing with bots is that fraudsters rarely use just one. It only makes sense to reuse the same bot to perform the same action numerous times.
This works in our favor. If we’ve managed to find true information about the user (rather than the information they want us to believe), we can start highlighting connections.
With bots, we should be looking at similar devices, proxies, or patterns in the email addresses.
For instance, users registering with email addresses that include a name and a random combination of letters, such as john4567@email.com and david6676@email.com, could point to lazily implemented bots.
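The connection analysis described above, as an added example (not SEON's code): accounts that share a device hash or an IP are merged into clusters, and a cluster is flagged when most of its email addresses follow the name-plus-digits shape. The field names, the regular expression, the thresholds and the sample signups are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample signups: (account_id, email, device_hash, ip)
SIGNUPS = [
    ("u1", "john4567@email.com",  "dev-x", "203.0.113.5"),
    ("u2", "david6676@email.com", "dev-x", "203.0.113.9"),
    ("u3", "maria1093@email.com", "dev-y", "203.0.113.9"),
    ("u4", "sam.lee@example.org", "dev-z", "198.51.100.7"),
    ("u5", "kate88@example.org",  "dev-w", "198.51.100.20"),
]

# Assumed "lazy bot" shape: letters followed by three or more digits.
NAME_DIGITS = re.compile(r"^[a-z]+\d{3,}@", re.IGNORECASE)

def find(parent, x):
    """Union-find root lookup with path halving."""
    while parent[x] != x:
        parent[x] = parent[parent[x]]
        x = parent[x]
    return x

def linked_clusters(signups, min_size=3, min_pattern_ratio=0.8):
    """Group accounts sharing a device hash or IP, then return the clusters
    with at least `min_size` accounts whose emails mostly match the pattern."""
    parent = {acc: acc for acc, *_ in signups}
    first_seen = {}                  # ("dev", hash) or ("ip", addr) -> account
    for acc, _email, dev, ip in signups:
        for key in (("dev", dev), ("ip", ip)):
            if key in first_seen:    # shared attribute: merge the two accounts
                parent[find(parent, acc)] = find(parent, first_seen[key])
            else:
                first_seen[key] = acc
    groups = defaultdict(list)
    for acc, email, *_ in signups:
        groups[find(parent, acc)].append((acc, email))
    flagged = []
    for members in groups.values():
        hits = sum(bool(NAME_DIGITS.match(email)) for _, email in members)
        if len(members) >= min_size and hits / len(members) >= min_pattern_ratio:
            flagged.append(sorted(acc for acc, _ in members))
    return sorted(flagged)

if __name__ == "__main__":
    print(linked_clusters(SIGNUPS))
```

Here `u1` and `u3` share neither device nor IP, yet they land in the same cluster because both are linked to `u2`; the email pattern alone is treated as supporting evidence, not as a link.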
In fact, this is precisely how one of SEON’s Customer Success agents managed to block a fraud ring for an iGaming client.
Our fraud manager Conner noticed that:
By filtering through all the data points, Conner realized that he was indeed looking at a fraud ring that was using bots to sign up and claim rewards (a practice known as bonus abuse).
SEON is a full end-to-end risk mitigation platform that enables fraud detection and bot mitigation through powerful APIs, machine learning and custom rules.
Uniquely, it also harnesses the power of data enrichment, gathering information from 50+ social media and online sources in real-time to learn more about users. Specifically:
On top of that, you also get device fingerprinting to learn exactly how users connect to your site – especially good for highlighting emulators and virtual machines for better bot management.
The key to good bot detection is to combine all of the above in order to model what’s good or suspicious behavior.
It’s precisely what our velocity checks allow you to do. You can even leverage the power of machine learning to suggest the best bot mitigation rules specifically for your business.
Bot detection starts with gathering data about your user’s behavior and connection. A connection through a proxy, VPN, or Tor should raise suspicion. Emulators and virtual machines should also raise red flags. Then you need to compare such data and user actions with others to spot patterns.
An IP address isn’t usually enough to let you know if you’re dealing with a bot or not. However, you can assess whether it points to a VPN, proxy or Tor browser. This can help you raise red flags, depending on the user’s behavior.
The easiest way to block bots is to enable CAPTCHAs. However, it won’t stop the more sophisticated bots. To block those, you need to enable a combination of data enrichment (to learn more about how they connect to your site) and velocity rules (to understand their online behavior).
Tamás Kádár is the Chief Executive Officer and co-founder of SEON. His mission to create a fraud-free world began after he founded the CEE’s first crypto exchange in 2017 and found it under constant attack. The solution he built now reduces fraud for 5,000+ companies worldwide, including global leaders such as KLM, Avis, and Patreon. In his spare time, he’s devouring data visualizations and injuring himself while doing basic DIY around his London pad.