Daniel Gor might be “just a regular guy” by his own account, but he’s doing important work that shouldn’t be overlooked. As a solution engineer on IBM Trusteer’s fraud analyst team, Daniel spends his days helping to protect our hard-earned cash from fraudsters.

“There’s a nice feeling knowing that you’re with the good guys,” Daniel said as he talked about social engineering and automated hacking from his office in Tel Aviv, Israel. And, as the product of two cultures, Daniel has a more global view of financial fraud than most.

Born in New York and raised in Miami through his early years, Daniel moved to Israel at the age of seven when his parents decided they wanted to be closer to their families. Today Daniel has a family of his own — a wife and seven-month-old daughter — and still lives close to his extended family in Ra’anana, a suburb not far from Tel Aviv.

He said the impact of two very different cultures sometimes comes out in his work style: A combination of American diligence and persistence with a hint of the typical Israeli “chutzpah.” He said his experiences in the army, as part of Unit 8200 in the Israeli Intelligence Corps, and at university gave him “perspective about how to get things done and how to approach tasks.”

Namely, he said, there’s an element of searching for the truth, “even if you don’t go by all the rules.” That comes in handy when writing policies for his fraud analyst colleagues.

Humble Beginnings as a Financial Fraud Analyst

Daniel graduated from university less than two years ago and went straight to work at IBM Trusteer. He started as a fraud analyst, conducting research to determine the rules the team needed to establish to protect financial data for a range of banks. The team writes rules and policies that are applied behind the scenes for the banks’ different applications; these, in turn, help identify behavioral anomalies that may indicate a fraud attempt.

Each analyst is responsible for monitoring the performance of the policies and rules at several banks; this often constitutes hundreds of rules and reams of data. Daniel’s firsthand experience as an analyst informs his current work as a solution engineer to automate processes designed to assist analysts in this monitoring and, in addition, implement machine learning algorithms that can strengthen the policies even more.

But rules and policies are just one part of the equation. Banks also need to build a picture of what each customer’s “digital identity” looks like so they can detect fraud sooner and more efficiently. Without an idea of how Joe from Jacksonville regularly interacts with his accounts, the bank will never know whether Joe’s profile has been compromised. This is an entirely new research field that Daniel is a part of.

Automated Behavioral Analysis Is a Game-Changer

In his present role as a solution engineer, Daniel partners with the team to analyze behavior indicators using machine learning models. He trains the models to identify behavioral anomalies and then writes those models as rules in the bank’s policies.

So that phone call you got from the bank asking if you were currently hesitant or suspiciously stalling while committing a transaction? That’s likely because, thanks to Daniel’s work, your bank identified an anomaly in your normal behavior patterns.

Daniel believes automation technology and AI have had a “great impact” on security in the financial sector.

“The machine learning algorithms are so smart now, they can detect anomalies only by mouse movement or the time that the fraudster spends on a page inside the account,” he explained. “The AI allows us to detect those anomalies in the user’s behaviors.”

Standing Up for Good Values

Unfortunately, fraudsters continue to exploit our human innocence and conduct artful sophistry such as social engineering to target vulnerable banking customers and steal their credentials. Daniel said he’s been surprised at the sophistication and methods used by these fraudsters, who can go so far as calling customers posing as bank personnel to supposedly help them recover money.

“In a way, I was surprised at how people can exploit people’s good natures and vulnerabilities,” he said.

In light of this threat, Daniel noted that he works in cybersecurity so his grandparents can live their lives without fear of being deceived every time the phone rings. And to those who are considering following in his footsteps, Daniel encouraged aspiring cybersecurity professionals to “just do it.” While tech careers are becoming more and more coveted, he believes the goal of working in a company “where you feel you’re adding to the world with good values” is worth aspiring to.

“In a way, I can say that I’m working for myself,” he said. “I want my money to be safe in a place only people I trust have access to, and it’s very important for the world to have these kinds of shields from people that are eventually trying to steal our money, to steal credentials. The world needs companies that are here to prevent those kinds of cases.”

Meet threat research team lead Tomer Agayev

More from Fraud Protection

PixPirate: The Brazilian financial malware you can’t see

10 min read - Malicious software always aims to stay hidden, making itself invisible so the victims can’t detect it. The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan (RAT) malware that heavily utilizes anti-research techniques. This malware’s infection vector is based on two malicious apps: a downloader and a droppee. Operating together, these two apps communicate with each other to execute the fraud. So far, IBM Trusteer researchers have observed this…

New Fakext malware targets Latin American banks

6 min read - This article was made possible thanks to contributions from Itzhak Chimino, Michael Gal and Liran Tiebloom. Browser extensions have become integral to our online experience. From productivity tools to entertainment add-ons, these small software modules offer customized features to suit individual preferences. Unfortunately, extensions can prove useful to malicious actors as well. Capitalizing on the favorable characteristics of an add-on, an attacker can leverage attributes like persistence, seamless installation, elevated privileges and unencrypted data exposure to distribute and operate banking…

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today