The journalist’s nose can be relied upon to sniff out a good story — but can it also sniff out identity fraud?

Shir Levin thinks so. As a fraud analyst with IBM Trusteer, Shir spends her days detecting anomalies in financial accounts and tracking down the bad guys preying on society’s most vulnerable. Shir cut her teeth in news as a journalist for the Israel Defense Force’s radio station, Galei Tzahal (Army Radio), at the age of 18 — and the two roles are more similar than you might think.

“As a news presenter, you need to separate the wheat from the chaff and see the big picture,” Shir said. “And an analyst should also understand the data at a very high level while seeing the story behind the numbers.”

But news wasn’t always Shir’s calling. She applied to Galei Tzahal at 18 because “it sounded intriguing,” though she admits she knew little about journalism.

“Those years were amazing, and kind of crazy,” she said. “I was lucky to have the opportunity to learn from the best journalists in Israel, meet the country’s policymakers, and get my microphone in front of them to ask questions.

“I learned a lot, gained a lot of meaningful, character-building experiences and also made many great friends, including my husband. But it also led me to realize this was not the career for me.”

Understanding the Human Behind the Numbers

While government and law are fascinating fields, they just weren’t data-driven enough for Shir. After her Israeli national service, she went on to study statistics and psychology and fell in love with both fields. She said she was lucky to find a job that combines data with a great product while doing global good with fraud protection.

At Trusteer, Shir works on Pinpoint, a risk engine that detects digital identity theft and fraudulent activities on bank accounts. She writes new logic designed to detect those anomalies and monitor rules performance. She also investigates fraud cases and legitimate user activities to ensure the team has the best possible understanding of the current threat and fraud protection landscapes.

With a background as a legal correspondent, a passion for data and an education in psychology, it seems Shir was tailor-made for her role. Every day, she enters the mind of a fraudster, looking to predict criminal activities, understand how malware works, and identify behavioral anomalies and spoofing attempts while also performing analysis and operational research.

In other words, Shir’s job is to “understand the man behind the numbers.”

How Does a Fraudster Behave?

“Maybe it does have something to do with my news background,” she reflected, “because I always find it easier to get at the bigger picture when you’re telling the story, using the trails you find. When I investigate a fraudulent case or wish to create a new logic to our system, the most effective way would be to try and tell what I believe had happened or what should be caught.”

Shir uses her knowledge of psychology to understand not just the fraudster, but also the end user. She must ask herself, for example, whether it’s suspicious for a particular user to log in to his or her bank account using a hosting service, or to change internet service providers (ISPs) often. The user could be a fraudster, but he or she could also just have strong knowledge of security.

“This is a fast-growing and evolving field that involves both technical and human aspects,” she said. “As time passes and technology progresses, IT security becomes a bigger and more significant part of the everyday life of every person.

“I also find it very creative. Fraudsters change their methods fast, and we should be even faster to catch them. We live in an ever-changing world, and we need to take the opportunities we receive.”

The Psychology of Identity Fraud

Ultimately, Shir describes her role as a unique combination of psychology and statistics. She gathers a lot of data, builds profiles for end users and then tries to draw the line between legitimate and suspicious activity to enable fraud protection.

Knowledge of psychology especially helps in social engineering cases, which, according to Shir, total around 30 percent of fraud cases for some of Trusteer’s clients. Social engineering mainly targets elderly victims and other vulnerable groups and involves the fraudster manipulating the victim. Fraudsters participating in phone scams may even pose as bank employees and attempt to trick users into installing malware disguised as fraud protection software. These fraudsters prey on bank customers’ lack of knowledge and fear of losing savings.

“The challenge here is obvious,” Shir explained. “We can’t rely on device identification methods because the fraud is conducted using the known trusted user’s device, so we have to analyze the user’s behavior. How is he acting throughout the fraud? In which parts does he feel afraid? Nervous? Bored? And how can we use that to our advantage?”

As much as she loves the thrill of chasing down bad guys, Shir said the real satisfaction comes from making the world a safer place.

“Knowing that what I do not only maximizes profits, but also helps people, is just great,” she said.

This sentiment is typical of the Trusteer team. Not unlike journalists working a steady beat, these devoted security professionals are committed to exposing flaws in the banking system, tracking down the bad guys and seeking justice for all.

And for Shir Levin, preventing negative fraud headlines from making it to print is even more satisfying than reporting them to the world.

Meet worldwide technical sales leader Shaked Vax

More from Banking & Finance

How the ZeuS Trojan Info Stealer Changed Cybersecurity

4 min read - Information stealer malware is a type of malicious software designed to collect sensitive information from a victim’s computer. Also known as info stealers, data stealers or data-stealing malware, this software is true to its name: after infecting a computer or device, it’s highly adept at exfiltrating login credentials, financial information and personal data. Info stealers typically operate by monitoring keyboard input, capturing screenshots and intercepting network traffic. They may also search a hard drive for specific types of data. The…

4 min read

2022 Industry Threat Recap: Finance and Insurance

5 min read - The finance and insurance sector proved a top target for cybersecurity threats in 2022. The IBM Security X-Force Threat Intelligence Index 2023 found this sector ranked as the second most attacked, with 18.9% of X-Force incident response cases. If, as Shakespeare tells us, past is prologue, this sector will likely remain a target in 2023. Finance and insurance ranked as the most attacked sector from 2016 to 2020, with the manufacturing sector the most attacked in 2021 and 2022. What…

5 min read

How to Spot a Nefarious Cryptocurrency Platform

4 min read - Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

4 min read

Kronos Malware Reemerges with Increased Functionality

6 min read - The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

6 min read