
Preventing Wire Fraud in Mortgage Industry: A Snapdocs Case Study

Technology Category
  • Application Infrastructure & Middleware - Event-Driven Application
Applicable Industries
  • Electrical Grids
  • National Security & Defense
Use Cases
  • Tamper Detection
  • Traffic Monitoring
The Challenge
Snapdocs, a company offering a loan closing automation application for the mortgage industry, faced a significant challenge in enhancing their security posture. Their application, which provides a workflow for buyers, lenders, title and escrow representatives, and notaries, required real-time visibility to prevent account takeovers. The mortgage industry, with its numerous parties involved in a real estate transaction, presents multiple threat vectors. Notaries, for instance, often use weak passwords on their email accounts and sometimes share the same login credentials across websites. This makes the industry a prime target for wire transfer fraud, with attackers executing phishing campaigns to take over accounts and redirect funds to fraudulent third-party accounts. Snapdocs needed a solution that could identify malicious requests and other attack event patterns to prevent account takeovers. They also sought faster visibility into attackers’ web requests to trigger alerts and stop them.
About The Customer
Snapdocs is a company that offers a loan closing automation application for the mortgage industry. Their application provides a workflow for various parties involved in a real estate transaction, including buyers, lenders, title and escrow representatives, and notaries. The company's primary goal is to enhance the efficiency and security of the mortgage closing process. However, due to the numerous parties involved and the sensitive nature of the transactions, Snapdocs faced significant security challenges, particularly in preventing account takeovers and wire transfer fraud. The company needed a solution that could provide real-time visibility into potential threats and enable quick action to prevent fraudulent activities.
The Solution
To address their security challenges, Snapdocs installed the Signal Sciences NGINX module and enabled blocking mode in production within 48 hours. This not only helped block potential attacks but also provided significant visibility through Power Rules. Snapdocs used Signal Sciences Power Rules to block specific traffic originating from non-U.S. IP addresses, as such requests were uncommon among their user base. They also identified a high rate of fraudulent behavior associated with the Opera web browser, which includes a VPN that anonymizes web traffic. As a result, Snapdocs tagged and blocked some user groups using the Opera web browser by evaluating the User-Agent header in HTTP requests. Furthermore, with Signal Sciences, Snapdocs' security staff could investigate security threats faster by leveraging relevant alerts to surface events as they happen. The integration of Signal Sciences with Slack proved extremely useful for monitoring, tagging, and blocking traffic in real time.
Operational Impact
  • The implementation of the Signal Sciences NGINX module significantly improved Snapdocs' security operations. The solution gave the company the flexibility to block attacks that use known tactics, such as blocking specific traffic from non-U.S. IP addresses and tagging and blocking certain user groups using the Opera web browser. Moreover, the solution streamlined operations by surfacing security events quickly through relevant alerts. This allowed Snapdocs' security staff to investigate and respond to security threats faster. The integration of Signal Sciences with Slack also proved extremely useful, enabling real-time monitoring, tagging, and blocking of traffic. As a result, Snapdocs was able to enhance its overall security posture and prevent account takeovers and wire transfer fraud more effectively.
Quantitative Benefit
  • Enabled blocking mode in production within 48 hours of installing the Signal Sciences NGINX module
  • Blocked specific traffic originating from non-U.S. IP addresses
  • Tagged and blocked user groups using the Opera web browser due to high rates of fraudulent behavior
