Scenario: You work for a financial services company that conducts a lot of wire transfers. You know that your customers are at risk for many common scams, such as fake rental deposit requests, lottery winnings that supposedly require a tax prepayment, and overpayments on bad checks. You want to do everything you can to protect your customers from scammers and protect the reputation of your business.
To succeed in implementing this use case, you need the following dependencies, resources, and information.
- People: Security analyst, threat hunter
- Technologies: Splunk Enterprise or Splunk Cloud Platform
- Data: Wire transfer transaction data from your business systems; the activation- and login-based searches below also need account activation and authentication events
- A CSV or KV Store lookup of suspicious or banned countries
Your sourcetypes may not have the same fields as the ones demonstrated in the sample searches. Adjust field names as needed to match your environment.
How to use Splunk software for this use case
Depending on what information you have available, you might find it useful to identify some or all of the following:
- Large wire transfer immediately after account activation
- Wire transfers into suspicious or banned countries
- Wire transfers from multiple client IP addresses
- Number of wire transfers exceeds threshold
- Multiple account login denials followed by a successful login (authorization)
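The following search is an added example, not one of the searches from the page or from the Splunk Essentials for the Financial Services Industry app. It combines four of the indicators above (large transfer soon after activation, suspicious destination country, multiple client IP addresses, and transfer count over a threshold) into one per-account result so an analyst can see every indicator an account tripped in one row. It assumes an index `fin_wire` with sourcetype `wire:transfer` carrying the fields `account_id`, `amount`, `dest_country` and `src_ip`; an index `fin_accounts` with sourcetype `account:activation` carrying `account_id`; and a lookup definition named `suspicious_countries` built over the CSV or KV Store file with columns `country` and `risk_level`. All of those names, and the thresholds (24 hours, 10,000 currency units, more than 2 client IPs, more than 5 transfers), are assumptions; adjust them to your environment.

```spl
(index=fin_wire sourcetype=wire:transfer) OR (index=fin_accounts sourcetype=account:activation) earliest=-7d
| lookup suspicious_countries country AS dest_country OUTPUTNEW risk_level
| eval activated=if(sourcetype=="account:activation", _time, null())
| eval transferred=if(sourcetype=="wire:transfer", _time, null())
| eval to_suspicious=if(isnotnull(risk_level), 1, 0)
| stats min(activated) AS activation_time
        min(transferred) AS first_transfer_time
        count(transferred) AS transfers
        sum(amount) AS total_amount
        max(amount) AS max_amount
        sum(to_suspicious) AS suspicious_transfers
        dc(src_ip) AS distinct_client_ips
        values(dest_country) AS destinations
        by account_id
| eval hours_to_first_transfer=round((first_transfer_time - activation_time) / 3600, 1)
| eval indicators=mvappend(
        if(hours_to_first_transfer < 24 AND max_amount >= 10000, "large_transfer_after_activation", null()),
        if(suspicious_transfers > 0, "suspicious_destination", null()),
        if(distinct_client_ips > 2, "multiple_client_ips", null()),
        if(transfers > 5, "transfer_count_over_threshold", null()))
| where mvcount(indicators) > 0
| table account_id indicators transfers total_amount max_amount hours_to_first_transfer distinct_client_ips destinations
| sort - total_amount
```

How it works: the `lookup` enriches each transfer with `risk_level` only when `dest_country` appears in the suspicious-countries lookup, so `isnotnull(risk_level)` flags a suspicious destination without hard-coding country codes in the search. Activation and transfer events are pulled in the same search and split into two timestamp fields with `eval`, so a single `stats ... by account_id` can compute both the activation time and the first transfer time; `count(transferred)` counts only transfer events because the field is null on activation events. `mvappend` with `null()` for conditions that did not fire builds a multivalue list containing only the indicators an account matched, and `where mvcount(indicators) > 0` drops accounts that matched none. The login-denial indicator is not included because it needs authentication events keyed by user rather than by transfer; build it as a separate search over your authentication sourcetype. Before alerting on this search, run it over a week of historical data and tune the thresholds so normal high-volume business customers do not dominate the results.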
Use the results of these searches to make recommendations to the rest of the security team about which users should be investigated for potentially fraudulent activity. Be sure to follow any industry policies and regulations that are required for compliance.
The searches in this guide are also included in the Splunk Essentials for the Financial Services Industry app, which provides more information about how to implement them successfully in your financial services maturity journey. In addition, this Splunk resource might help you understand and implement this use case: