ABSTRACT
The purpose of this study was to assess the potential of online threat intelligence, which we collected from underground online markets, in guiding financial institutions’ incident response to the growing issue of customer account takeovers (i.e., unauthorized access to and exploitation of customers’ bank accounts for illegal purposes). Drawing on the situational crime prevention perspective, we teamed up with a large Canadian financial institution and conducted a case study between 13 January and 15 May 2021: we found threat intelligence information on various encrypted darknet markets, then immediately shared it with the bank’s fraud prevention team in an effort to deny offenders benefits. In total, 14 cases of potentially compromised relevant bank accounts were found online. Twelve of the compromised accounts were real bank accounts (85.7%) and in 7 out of 14 cases (50%), the fraud prevention team was able to respond to the incident based on the intelligence provided by the researchers and protect their customers’ identities and financials. These findings suggest that this type of intelligence is critical to prevent fraudulent online activities in general and account takeovers in particular and that an evidence-based approach should be utilized to evaluate the effectiveness of different types of intelligence tools and practices in achieving their stated goals.
