Article
Fraud Defense Onboarding
Thank you for choosing Fraud Defense, a proactive cybersecurity solution designed to protect your organization from email-based fraud such as phishing, business email compromise (BEC), and impersonation attempts. This guide will walk you through the onboarding process, from setup to managing alerts and educating your team.
Introduction
Welcome to Fraud Defense, your proactive cybersecurity solution for identifying and managing email-based fraud attempts. Fraud Defense helps you stay ahead of threats like phishing, business email compromise (BEC), and impersonation by monitoring incoming communications in real-time. It analyzes suspicious structural patterns, domain reputations, and sender behaviors, alerting you before any significant damage occurs.
Key Alerts:
- In-App Alerts: Flagged emails appear directly in the At-Bay Stance Application for investigation.
- Email Alerts: Instant notifications sent to designated recipients, such as end users or security teams.
Key Features
Suspicious Email Structure Detection
Fraud Defense scans email content for structural anomalies, such as unusual formatting, deceptive headers, or mismatched sender information, which are common indicators of fraudulent attempts.
Domain Reputation Scoring
Incoming emails are analyzed based on the reputation of the sender’s domain. Low-reputation domains trigger alerts, helping you identify potential threats.
Sender Email Address Analysis
Fraud Defense cross-references sender email addresses against a database of compromised or known malicious accounts, flagging high-risk senders.
Real-Time Alerts & Notifications
Stay informed with two types of alerts:
- In-App Alerts: Investigate flagged emails directly in the At-Bay Stance Application.
- Email Alerts: Receive immediate notifications about suspicious emails.
How to Enable Fraud Defense
To enable Fraud Defense for your organization:
- Log in to the At-Bay Stance Application.
- Navigate to the Fraud Defense section.
- Click the Join Now button.
- Choose your mail vendor (Microsoft 365 or Google Workspace) and complete the integration setup.
Supported Platforms:
Fraud Defense integrates exclusively with Microsoft 365 and Google Workspace.
Reviewing and Resolving Flagged Emails
Step 1: Reviewing Alerts
Flagged emails will appear in the At-Bay Stance Application for review. Key details include:
- To: Recipient(s) of the email.
- From: Sender’s email address.
- Date: When the email was received.
- Subject: The email’s subject line.
- Reasons for Flagging: Why the email was flagged (e.g., suspicious domain, lookalike domain).
Step 2: Resolving Alerts
- Legitimate Emails: If the email is legitimate, mark it as “Resolved” and document your reasoning.
- Fraudulent Emails: Notify your end users about the fraudulent emails and act according to your security policy.
Fraud Defense Issue View
The Fraud Defense Issue View allows administrators to assess and manage flagged emails effectively.
- Risk Score and Confidence Level:
- Higher scores indicate greater urgency and risk.
- Reasons for Flagging:
- Newly Registered Domain: Recently created domains often used in fraud.
- Domain Might Not Exist: Unregistered or dormant domains.
- Lookalike Domain: Domains that resemble your organization’s domain.
- Unclassified Threat: Behavioral patterns outside typical email activity.
- Related Users:
View inboxes impacted by flagged emails. Use the Show All Inboxes option to notify users immediately and take action. - Mark as Resolved:
Select flagged emails, document why they are valid or invalid, and mark them as resolved.
Permissions and Requirements
Administrative Permissions
Microsoft 365:
- Sign in and read user profiles.
- Read all audit log data.
- Read directory data.
- Read all Azure AD recommendations.
- Read domains.
- Read mail in all mailboxes.
- Read and write mail in all mailboxes.
- Read all user mailbox settings.
- Read all usage reports.
- Read role management data for all RBAC providers.
- Read all security alerts.
- Read your organization’s security events.
- Read all users’ full profiles.
Google Workspace:
- View usage reports for your G-Suite domain.
- View domains related to your customers.
- See info about users on your domain.
- Associate you with your personal info on Google.
- See your personal info, including any personal info you’ve made publicly available.
- See your primary Google Account email address.
Account Limitations
- Each At-Bay Stance account can be linked to only one Microsoft 365 or one Google Workspace account.
- Multiple connections within a single At-Bay Stance account are not supported.
Tips for Managing Flagged Emails
For Administrators (Using the At-Bay Stance Application):
- Review Flagged Emails:
Investigate the details of each flagged email, including sender domain, risk score, and reasons for flagging. - Resolve Legitimate Emails:
Mark emails as “Resolved” and provide a reason to improve detection accuracy. - Escalate Fraudulent Emails:
Notify your security team about high-risk emails and take necessary steps based on internal policies.
For End Users (Receiving Flagged Emails):
- Exercise Caution:
Review flagged emails carefully and avoid clicking on links or downloading attachments until confirmed safe. - Verify the Sender:
Cross-check the sender’s identity through a trusted communication channel. - Report Suspicious Emails:
Notify your IT or security team if you suspect an email is fraudulent.
Security Awareness Training
Fraud Defense integrates with a free Security Awareness Training feature to educate employees on recognizing phishing attempts, social engineering, and other fraud schemes. Enable this feature from your dashboard.
Conclusion
Fraud Defense is your organization’s first line of defense against email-based fraud. By analyzing email structure, sender reputation, and domain behavior, it provides real-time alerts, empowering your team to take swift and informed actions to protect your organization.
Start enhancing your email security today by enabling Fraud Defense!