How Hackers Are Targeting B2B Payments with Remote Access Tools
B2B Payments lack oversight and real-time transaction monitoring.
High-value payments created by companies are often considered low risk, but a new wave of phishing attacks targeting finance teams is changing that. Phishing emails resembling online banking portals trick users into installing remote screen-sharing software.
The catch?
It is entirely plausible screen sharing might be required inside a corporation, as tech support teams often use it to help when there’s an issue. This makes the attack incredibly efficient and lucrative.
The solution is to embrace the scam detection techniques commonly used in consumer channels and actively look for signs of remote screen-sharing software. This can enable banks and corporations to block a transaction before the money is stolen.
B2B Payments are massive.
B2B Payments and wire transfers were once the boring backwaters of the payments industry. Corporate finance teams would log in to online portals to wire large amounts of money to suppliers or subsidiaries as part of normal operations.
Millions in B2B Transactions Flow Every Day...
This vast sum makes corporate bank accounts a tempting target for cybercriminals. And unfortunately, many businesses haven't adapted their security measures to face this evolving threat.
Remote Access: A Double-Edged Sword
Remote screen-sharing tools like AnyDesk are invaluable for legitimate business purposes, from IT support to design collaboration. However, hackers exploit the trust placed in these tools to gain unauthorized access to corporate devices and initiate fraudulent payments.
How the attack works
Hackers send personalized phishing emails, often mimicking legitimate financial institutions, urging the recipient to download a "live chat app" to resolve an urgent issue. This "app" is actually remote access software, granting the hacker complete control of the victim's device once they share the access code.
What makes this attack so concerning is its effectiveness. The familiarity of remote access tools lowers suspicion, and traditional fraud prevention systems often lack the sophistication to detect their misuse.
Access codes provide complete control without needing traditional credentials, making them a powerful tool in the wrong hands. If a finance team is logged into the online portal, the attacker now has complete control over the corporate finance account.
Lessons from consumer scam detection
- We learned in consumer banking that device usage and user behavior are the most valuable signals for detecting scams. So, even if a payment is made via a banking channel with legitimate credentials, we can spot signs of a scam.
- Detecting remote access is now mission-critical. There are very few reasons a corporation would wire a significant amount of money via a remote access tool.
Detecting remote access:
Sardine is the only platform that can detect all screen sharing apps and software, including AnyDesk, TeamViewer, Citrix, and Zoom or Teams screen shares.
We use proprietary signals and machine learning to deliver 92% precision and a 96% detection rate.
Today this is used by clients to help stop:
- Fake tech support scams
- Fake investment advisor scams
- Customer support scams
We look for clues like guided mouse movement, calls in session, and recent screenshot behavior from linked devices.
Combined with a wider platform that comes pre-loaded with over 4,000 machine-learned features and 1,000+ ready-baked rules, we help teams go from 0 to 1 on remote access detection (and a lot more).
The Future of B2B Fraud Prevention:
By combining these behavioral insights with transaction monitoring, businesses can gain a powerful advantage in the fight against B2B payment fraud. This layered approach can stop large, unauthorized transfers in their tracks, protecting companies from significant financial losses.
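The layered check described above, as an added example (not Sardine's code or rule set): session signals like the clues listed earlier are combined with transaction context to choose between allow, step-up verification, and hold. The signal names, weights, and thresholds are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical signal names modelled on the clues the article lists;
# the weights are constructed for illustration, not taken from any product.
SIGNAL_WEIGHTS = {
    "remote_access_tool": 50,  # screen-sharing / remote-control session active
    "guided_mouse": 20,        # pointer movement consistent with remote guidance
    "call_in_session": 15,     # user is on a call while using the portal
    "recent_screenshot": 10,   # screenshot taken from a linked device
}
HIGH_VALUE = 50_000            # assumed wire amount that counts as high value

@dataclass(frozen=True)
class Payment:
    amount: float
    new_beneficiary: bool
    signals: frozenset = frozenset()  # behavioral signals seen in the session

def behavior_score(p: Payment) -> int:
    """Sum the weights of recognised signals; unknown names are ignored."""
    return sum(w for name, w in SIGNAL_WEIGHTS.items() if name in p.signals)

def decide(p: Payment) -> tuple[str, list[str]]:
    """Return (action, reasons) for one payment attempt."""
    score = behavior_score(p)
    reasons = sorted(s for s in p.signals if s in SIGNAL_WEIGHTS)
    if p.amount >= HIGH_VALUE:
        reasons.append("high_value")
    if p.new_beneficiary:
        reasons.append("new_beneficiary")
    risky_tx = p.amount >= HIGH_VALUE or p.new_beneficiary
    if score >= 50 and risky_tx:
        return "hold", reasons      # strong behavior signal on a risky transfer
    if score >= 50 or (score >= 25 and risky_tx):
        return "step_up", reasons   # e.g. out-of-band confirmation first
    return "allow", reasons

if __name__ == "__main__":
    # Constructed sample sessions, not real data.
    samples = [
        Payment(12_000, False),
        Payment(800, False, frozenset({"remote_access_tool"})),
        Payment(250_000, True, frozenset(
            {"remote_access_tool", "call_in_session", "guided_mouse"})),
    ]
    for p in samples:
        print(p.amount, *decide(p))
```

A remote session on a low-value payment to a known supplier only triggers step-up, which leaves room for legitimate IT support while still holding the large transfer to a new beneficiary.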
So, the next time you see a remote access tool, don't panic. But do remember: the bad guys are getting smarter, and the battle lines of fraud prevention are shifting. It's time to adapt your defenses and embrace the future of behavior-based security.