CHEQ Raises $150 Million, led by Tiger Global

Learn More

Threats From the Fake Web: What is Lead-Gen Fraud?

Definition:

Lead generation fraud is the result of bots and other automation tools populating your CRM. They reach your marketing campaigns and website for a variety of reasons. Competitors trying to flood your company’s pipeline and affiliates trying to boost commission with fake leads are a few of them.

Interesting Facts:

61% of marketers rank lead generation as their number one challenge. (Source: Hubspot)

53% of marketers spend at least half of their budget on lead generation. (Source: BrightTALK).

No wonder companies look for protection against this type of fraud.

How is it implemented?

The objective of lead generation fraud is to contaminate CRM databases and sales pipelines, disturbing marketing, and business operations.

To achieve that, bots and automation tools will carry fake or stolen online information. With it, they are able to fill out forms and reach companies’ websites. The result is that marketing and sales teams will blindly chase fake leads instead of real potential customers. We all know how hard it can be to convert real leads, imagine having to deal with fake ones?

In addition, Led Gen Fraud can also put companies at a security risk.  Let’s say a fake lead starts to interact with your team via email. In this situation, the risks of malware injection or phishing attacks become increasingly higher.

If you wanna learn more, click here

This week in Horror Stories: Discord and the crypto world suffer with scammers

Let’s unveil it.

Cost: still early to precise. Several servers of Discord were taken over by hackers that used bots to scam users. The damage caused to crypto and NFT owners can be irreversible. 

Date: At least since the beginning of May 2022.

Industry affected: Financial/crypto

Threat Type: phishing attacks and bots

What is it?

Phishing happens when an attacker sends a fraudulent message to trick a person into sharing sensitive information with the attacker, as well as to deploy malware on the victim’s device.

A Bot is a script designed to act with agency or simulate human behavior. In this case, bots were used to send phishing messages to Discord members.

Long story short, what happened?

Discord was created as a chat app for gamers but became the most well-known platform for crypto projects. Today, many NFT collections, such as the Bored Ape, use it as “their home”, having thousands of members on the platform’s server.

Different from traditional financial communications taking place with protocols like Bloomberg Terminal or SWIFT, the crypto world mostly uses Discord. The problem is that the chats are not encrypted and histories are available to whoever joins a channel, making impersonation scams very common.

Because Discord servers use bots to target a large number of users at once, the platform security is continuously at risk. Recently, hackers controlled servers, taking over the administrator’s bots that are used to communicate with members and began posting fake messages, tricking these members into giving up their cryptocurrency or NFTs. 

We must notice that crypto hacks can be executed very quickly – one wrong link is enough to irreversibly swipe someone’s possessions -, so hijacking a Discord server and controlling its bots became an efficient way to fraud a large number of people at once.

Why should you care?

Attacks like this have become increasingly high not only in the crypto but the financial world in general. Because of their capability to target a large number of people at once, while impersonating “human behavior”, bots have been used for several criminal operations and all sorts of fraud. These include account takeovers, user hijacking, card fraud, cart abandonment, and many more.

 

This week in Horror Stories from the Fake Web, we will dissect the SSNDOB case.

Let’s unveil it.

Cost: $19 million in fraud + information of 24 million U.S. citizens including their names, dates of birth, passwords, and credit card numbers

Date: June 7, 2022

Industry affected: Various

Threat Type: Credential stuffing. With the stolen PII (Personal Identifiable Information), Account Takeovers (ATO) can then be executed.

What is it?

Credential stuffing is a cyberattack used to obtain lists of usernames, email address passwords, and other personal pieces of information, that are usually acquired with data breaches caused by malware.

Long story short, what happened?

The SSNDOB was a digital marketplace that operated for several years using different internet domains selling the PII belonging to millions of people around the world. Revealing the case, the investigation conducted by the IRS and the FBI showed that approximately 24 million U.S. citizens had their PII available online. As mentioned, these PII were obtained in the first place by cybercriminals through attacks like credential stuffing.

The sale of these millions of personal information financially supported criminal schemes around the world, reportedly generating more than $19 million in revenue for criminals.

Why should you care?

The fact that the PII of millions of people were being sold online is already scary enough. Adding to that, the money gained from selling these PII on the web was used to finance other criminal activities.

But the most horrific part of this story is that cybercriminals who purchased the available pieces of information online could use this to create accounts on social media and financial services under pretentious real identities. No wonder why people are losing trust on the internet, not knowing what is real and what is fake. It is important to remember that schemes like this can lead to financial crimes, the drain of loyalty programs, and other several cases in which attackers will impersonate someone else to commit all sorts of fraud.

Wanna know more about how this can impact your Go-To-Market Operation? Click here.

Definition:

Account Takeover (ATO) is a cyberattack in which a legitimate account is invaded and controlled by attackers. Is a form of identity theft and fraud. Because it’s not usually an attack that focuses on one account at a time, but many at once, account takeover is mostly done by attackers using bots.

Interesting Fact:

Just in the UK, this type of Fake Web threat was responsible for a £14.6 million loss in 2021. In the US, reports mention that 25% of consumers were affected by ATO in 2021.

How is it implemented?

Account Takeover can be done using a list of stolen user information purchased on the dark web (credential stuffing) or brute force attacks (cracking). Attacks usually send bots that can automatically reach retail, travel, eCommerce, and other sites to test login pieces of information and attempt the takeover.

Once the takeover is done, the possibilities for the attacker are various. They can steal personal information, commit financial fraud and even drain loyalty programs.

If you wanna learn more, click here

Guest post by Dataddo—a no-code ETL tool and data integration platform for business teams.

In 1986, when there were only 0.3 exabytes of data in the world, the United States Bureau of Justice Statistics labeled data quality “a key issue of our time.” In 2021, there were 79 zettabytes of data—approximately 263,333 times more!

Data today is coming from a growing number of disparate sources and being manipulated by a growing number of professionals with varying levels of technical skill. This means that there are endless opportunities for data inaccuracies to occur—whether by the fault of humans or machines—and these inaccuracies can easily be proliferated across teams, departments, and dashboards.

If data quality was a key issue in 1986, it’s a critical issue now.

Unfortunately, there is no silver-bullet solution for how to keep data accurate. But there are several partial solutions that, when combined, help companies maintain a good standard of quality. 

Types of Data Quality Solutions

Data quality solutions fall into two categories: organizational solutions and technological solutions.

Organizational solutions have been part of data quality since the beginning, and include having a sound governance policy that outlines who has access to what data, promoting the data literacy of employees, and having firm procedures for investigating data quality failures.

Technological solutions, on the other hand, are developing at an unprecedented pace in response to growing demand. According to Gartner, by 2022, “60% of organizations will leverage augmented data quality solutions to reduce manual tasks for data quality improvements.”

For business teams, useful technological solutions include go-to-market security platforms like CHEQ, which filter out invalid traffic from dashboards to give businesses a correct view of their numbers, as well as data integration tools that automatically extract and “transform” (or harmonize) data from disparate sources, making it analytics-ready, unskewed and giving it an essential standard of quality.

Garbage In, Garbage Out: Transformation for AI Workloads

Transformation—defined as the conversion of raw datasets into interpretable information—is critical for AI workloads, which are more and more the norm. Indeed, AI-based apps are becoming increasingly prominent in industries like IT, banking, retail, marketing, and healthcare.

But for all their computational power, AI technologies are not very good at processing structurally varied data. In fact, discrepancies that the human eye could reconcile in an instant will easily baffle them.

Take calendar dates, for example. One system or user may record the date of October 31st, 2022 as 31.10.2022, while another may record it as 10.31.2022.

For you and me, it’s plain to see that both entries refer to the same date. But for AI-driven analyses, the various structures of these dates are a problem. Unless the dates are transformed into a common format, the analyses will likely yield garbage results.

Transformation is not limited to the harmonization of formats. It could also consist of changing formats altogether (like converting JSON files into tabular data), blending multiple datasets for side-by-side comparisons, or any kind of computation. As data flows through the different components of a data stack, it is subject to different types of transformations.

ETL Transformations for Business Teams

Transformations used to be the exclusive domain of data engineers, who would perform it on large amounts of data at infrequent intervals.

But today, non-technical, go-to-market teams need to analyze smaller amounts of data at more frequent intervals, and they don’t always want to wait for requests to be processed by engineers.

This is where no-code ETL tools come in. These tools, which can be operated by any business user, extract data from cloud-based services and apps, transform it, then load it into destinations like data warehouses, or send it directly to dashboarding apps.

The transformations that these tools perform automatically under the hood harmonize discrepancies between datasets coming from different systems, or which result from inconsistent, manual data entry—giving all data an essential standard of quality and making it immediately analyzable by humans and AI-based technologies.

A few of these tools enable another type of transformation: blending, i.e. the merging of datasets from multiple systems before exporting them to a dashboard. This gives business teams easy access to advanced insights and side-by-side comparisons.

Engineers are still very necessary for data modeling and advanced transformations that take place in downstream systems like data warehouses, but no-code ETL tools do much to reduce time to insights for business teams. Furthermore, if the data they process does get passed to engineers for further manipulation, such as computational transformations, it will already be pre-cleaned and easier to work with.

Dataddo is an ETL tool and data integration platform that offers all of the above capabilities and more.

Equip Every Team with the Insights They Need

No-code ETL tools empower marketing, sales, customer service, and other go-to-market teams by decoupling them significantly from data engineers. In the age of self-service analytics, this is quickly becoming a must. 

Combine a tool like Dataddo with a tool like CHEQ for filtering out invalid traffic, and you’ll give professionals across business departments timely access to clean, accurate data.

To see how Dataddo has helped other businesses turn data into actionable insights, jump to the case studies section of their website.

Definition:

A web scraper is a specific tool – an automated script – used to extract large amounts of data from websites.

Interesting Fact:

A lot of people mistake Web scraping for Web crawling. But they are not the same things. Web scraping is related to targeted data extraction on a certain webpage. While web crawling is what search engines are able to do.  A “crawler” surf web pages without a specific target, and scans and indexes the website with the internal links.

Neither is necessarily illegal, but web scraping can be programmed to scan and steal updates, content, product details, and prices. Scrapers are bots seeking data and will never become real customers. They can really be a problem for your Go-To-Market strategies.

How they are implemented?

From the simplest to the most complex ways. Web scraping can be done by the human ctrl c + ctrl v, copying and pasting data from a website into a spreadsheet, and it can also be done by computer vision web-page analysis, a more technological way of doing it through machine learning and computer vision, which is able to identify and extract information from web pages by visually understanding the pages just like a person does.

If you wanna learn more, click here