Analytics Story: Remote Employment Fraud
Description
Fortify your insider threat monitoring with searches that watch for, and help you investigate, possible remote employment fraud.
Why it matters
Remote employment fraud involves threat actors posing as job seekers or employers to gain unauthorized access to organizations, often using fake or stolen identities. This can result in insider threats, data breaches, financial loss, and reputational damage, as attackers exploit remote onboarding processes to infiltrate systems or harvest sensitive information. Strong identity verification, background checks, and ongoing monitoring are critical to mitigating these risks.
Detections
| Name | Technique | Type |
|---|---|---|
| Geographic Improbable Location | Valid Accounts | Anomaly |
| Zoom Rare Input Devices | Audio Capture | Hunting |
| Zoom Rare Audio Devices | Audio Capture | Hunting |
| Okta Non-Standard VPN Usage | Valid Accounts, Proxy, Protocol Tunneling | TTP |
| Zoom Rare Video Devices | Audio Capture | Hunting |
| Zoom High Video Latency | Valid Accounts | Anomaly |
Data Sources
| Name | Platform | Sourcetype | Source |
|---|---|---|---|
| Okta | Other | OktaIM2:log | Okta |
References
Source: GitHub | Version: 2