Analytics Story: Remote Employment Fraud
Description
Fortify your insider threat monitoring with searches that monitor for and help you investigate possible remote employment fraud.
Why it matters
Remote employment fraud involves threat actors posing as job seekers or employers to gain unauthorized access to organizations, often using fake or stolen identities. This can result in insider threats, data breaches, financial loss, and reputational damage, as attackers exploit remote onboarding processes to infiltrate systems or harvest sensitive information. Strong identity verification, background checks, and ongoing monitoring are critical to mitigating these risks.
Detections
Name | Technique | Type |
---|---|---|
Zoom High Video Latency | Valid Accounts | Anomaly |
Zoom Rare Audio Devices | Audio Capture | Hunting |
Zoom Rare Input Devices | Audio Capture | Hunting |
Zoom Rare Video Devices | Audio Capture | Hunting |
Geographic Improbable Location | Valid Accounts | Anomaly |
Okta Non-Standard VPN Usage | Valid Accounts, Protocol Tunneling, Proxy | TTP |
Data Sources
Name | Platform | Sourcetype | Source |
---|---|---|---|
Okta | N/A | OktaIM2:log | Okta |
References
Source: GitHub | Version: 1