Signal Sciences Case Studies Preventing Wire Fraud in Mortgage Industry: A Snapdocs Case Study

	Preventing Wire Fraud in Mortgage Industry: A Snapdocs Case Study Signal Sciences

Preventing Wire Fraud in Mortgage Industry: A Snapdocs Case Study

Signal Sciences

Technology Category	Application Infrastructure & Middleware - Event-Driven Application
Applicable Industries	Electrical Grids National Security & Defense
Use Cases	Tamper Detection Traffic Monitoring
Challenge	Snapdocs, a company offering a loan closing automation application for the mortgage industry, faced a significant challenge in enhancing their security posture. Their application, which provides a workflow for buyers, lenders, title and escrow representatives, and notaries, required real-time visibility to prevent account takeovers. The mortgage industry, with its numerous parties involved in a real estate transaction, presents multiple threat vectors. Notaries, for instance, often use weak passwords on their email accounts and sometimes share the same login credentials across websites. This makes the industry a prime target for wire transfer fraud, with attackers executing phishing campaigns to take over accounts and redirect funds to fraudulent third-party accounts. Snapdocs needed a solution that could identify malicious requests and other attack event patterns to prevent account takeovers. They also sought faster visibility into attackers’ web requests to trigger alerts and stop them. Read More
About Customer	Snapdocs is a company that offers a loan closing automation application for the mortgage industry. Their application provides a workflow for various parties involved in a real estate transaction, including buyers, lenders, title and escrow representatives, and notaries. The company's primary goal is to enhance the efficiency and security of the mortgage closing process. However, due to the numerous parties involved and the sensitive nature of the transactions, Snapdocs faced significant security challenges, particularly in preventing account takeovers and wire transfer fraud. The company needed a solution that could provide real-time visibility into potential threats and enable quick action to prevent fraudulent activities. Read More
Solution	To address their security challenges, Snapdocs installed the Signal Sciences NGINX module and enabled blocking mode in production within 48 hours. This not only helped block potential attacks but also provided significant visibility through Power Rules. Snapdocs used Signal Sciences Power Rules to block specific traffic originating from non-U.S. IP addresses, as such requests were uncommon among their user base. They also identified a high rate of fraudulent behavior associated with the Opera web browser, which includes a VPN that anonymizes web traffic. As a result, Snapdocs tagged and blocked some user groups using the Opera web browser by evaluating the agent header in HTTP requests. Furthermore, with Signal Sciences, Snapdocs' security staff could investigate security threats faster by leveraging relevant alerts to surface events as they happen. The integration of Signal Sciences with Slack proved extremely useful for monitoring, tagging, and blocking traffic in real-time. Read More Log in to view content
Contents

Technology Category

Application Infrastructure & Middleware - Event-Driven Application

Applicable Industries

Electrical Grids

National Security & Defense

Use Cases

Tamper Detection

Traffic Monitoring

Challenge

Snapdocs, a company offering a loan closing automation application for the mortgage industry, faced a significant challenge in enhancing their security posture. Their application, which provides a workflow for buyers, lenders, title and escrow representatives, and notaries, required real-time visibility to prevent account takeovers. The mortgage industry, with its numerous parties involved in a real estate transaction, presents multiple threat vectors. Notaries, for instance, often use weak passwords on their email accounts and sometimes share the same login credentials across websites. This makes the industry a prime target for wire transfer fraud, with attackers executing phishing campaigns to take over accounts and redirect funds to fraudulent third-party accounts. Snapdocs needed a solution that could identify malicious requests and other attack event patterns to prevent account takeovers. They also sought faster visibility into attackers’ web requests to trigger alerts and stop them.

About Customer

Snapdocs is a company that offers a loan closing automation application for the mortgage industry. Their application provides a workflow for various parties involved in a real estate transaction, including buyers, lenders, title and escrow representatives, and notaries. The company's primary goal is to enhance the efficiency and security of the mortgage closing process. However, due to the numerous parties involved and the sensitive nature of the transactions, Snapdocs faced significant security challenges, particularly in preventing account takeovers and wire transfer fraud. The company needed a solution that could provide real-time visibility into potential threats and enable quick action to prevent fraudulent activities.

Solution

To address their security challenges, Snapdocs installed the Signal Sciences NGINX module and enabled blocking mode in production within 48 hours. This not only helped block potential attacks but also provided significant visibility through Power Rules. Snapdocs used Signal Sciences Power Rules to block specific traffic originating from non-U.S. IP addresses, as such requests were uncommon among their user base. They also identified a high rate of fraudulent behavior associated with the Opera web browser, which includes a VPN that anonymizes web traffic. As a result, Snapdocs tagged and blocked some user groups using the Opera web browser by evaluating the agent header in HTTP requests. Furthermore, with Signal Sciences, Snapdocs' security staff could investigate security threats faster by leveraging relevant alerts to surface events as they happen. The integration of Signal Sciences with Slack proved extremely useful for monitoring, tagging, and blocking traffic in real-time.

Impact #1	The implementation of Signal Sciences NGINX module significantly improved Snapdocs' security operations. The solution provided the company with the flexibility to prevent attacks against known tactics, such as blocking specific traffic from non-U.S. IP addresses and tagging and blocking certain user groups using the Opera web browser. Moreover, the solution streamlined operations by surfacing security events quickly through relevant alerts. This allowed Snapdocs' security staff to investigate and respond to security threats faster. The integration of Signal Sciences with Slack also proved extremely useful, enabling real-time monitoring, tagging, and blocking of traffic. As a result, Snapdocs was able to enhance its overall security posture and prevent account takeovers and wire transfer fraud more effectively.

Impact #1

The implementation of Signal Sciences NGINX module significantly improved Snapdocs' security operations. The solution provided the company with the flexibility to prevent attacks against known tactics, such as blocking specific traffic from non-U.S. IP addresses and tagging and blocking certain user groups using the Opera web browser. Moreover, the solution streamlined operations by surfacing security events quickly through relevant alerts. This allowed Snapdocs' security staff to investigate and respond to security threats faster. The integration of Signal Sciences with Slack also proved extremely useful, enabling real-time monitoring, tagging, and blocking of traffic. As a result, Snapdocs was able to enhance its overall security posture and prevent account takeovers and wire transfer fraud more effectively.

Benefit #1	Enabled blocking mode in production within 48 hours of installing Signal Sciences NGINX module
Benefit #2	Blocked specific traffic originating from non-U.S. IP addresses
Benefit #3	Tagged and blocked user groups using the Opera web browser due to high rates of fraudulent behavior

Benefit #1

Enabled blocking mode in production within 48 hours of installing Signal Sciences NGINX module

Benefit #2

Blocked specific traffic originating from non-U.S. IP addresses

Benefit #3

Tagged and blocked user groups using the Opera web browser due to high rates of fraudulent behavior

Download PDF Version

Overview

Preventing Wire Fraud in Mortgage Industry: A Snapdocs Case Study

Operational Impact

Quantitative Benefit