Untangling the Web of Cyber Fraud

Before Chris Higdon’s career in cyber fraud investigations, he built a computer at age 14 and then worked in tech support. Now, he searches for malware and creates alerts to help protect PNC customers from fraud around the clock. 

PITTSBURGH – Chris Higdon protects PNC’s customers, including big businesses, from cyber fraud that could be costly.

As a fraud systems specialist, however, Higdon doesn’t only respond to malware, or malicious software, trouble. He also created sophisticated monitoring systems to detect and alert the team to unusual activity with corporate clients’ online accounts. These automated alerts help PNC to learn from each threat and prepare for the next potential intruder before he or she infiltrates a corporate client’s system.

Higdon compares the monitoring system to a person wearing sunglasses at night: anyone wearing sunglasses in the dark could look suspicious, but not everyone wearing them is actually doing something wrong.

The system identifies suspicious patterns in activity to investigate. If the team determines that malware is involved and there is potential for fraud, they work to stop the attack before the client’s finances are affected.

“Every infection is different. This allows us to understand what we’re up against and what our clients could be facing,” Higdon said. The alerts also prompt the team to research malware trends as close to real-time as possible—an important ability in handling malware that is constantly changing.

From Computer Games to College

Higdon’s interest in computers began when his family bought one in the late 1980s or early ‘90s and he and his father explored what they could do with the computer and the Internet as it became available.

“It started out with me playing really basic computer games, then we started investigating how to network two computers, and I gradually became the family expert,” he said.

From there, he physically built five computers, including his first when he was just 14. This interest in computers prompted him to pursue a degree in network security at Davenport University in Michigan. While there, he learned to protect systems by practicing hacking with classmates. After graduation, he took a retail position and helped local churches with lighting, projection systems and computer work until someone at the church recommended he try PNC.

Now part of PNC’s Enterprise Fraud Group, Higdon started as a temporary worker with the bank’s service center for corporate clients, helping them with technical support for their online accounts. After 18 months, Higdon became a full-time employee and continued to establish himself as an expert on PNC’s network and simultaneously became the “go-to guy” for fixing his coworkers’ computer problems, too.

With this combination of knowledge, Higdon began handling calls from corporate clients who were experiencing malware issues on their own computers. He developed a procedure and built a team to verify login attempts, investigate the issue, then help remove the infection from the client’s system.

“From my time at the call center, I know what the client sees and I know how the server works, so I know what they should see at each step,” Higdon said. “The client might not notice anything out of the ordinary, but because we’re experts, we know when something is unusual. We use this as a check after their tech support removes the malware from their computer. We’re restoring trust for them.”

After seven years with the call center, this expertise earned Higdon attention from the Enterprise Fraud Group, which asked him to join the team.


Following a Trail

Besides systems protection, Higdon also investigates fraudulent activity with individual customer accounts. These cases do not typically include malware, but rather fraudsters impersonating others through email.

Fraudsters can use a tool to fake how an email address displays. When someone replies to them, the email address changes to its true form, but not many people check the address again before sending.

In many cases, the fraudster is impersonating a customer and asking the recipient to provide information or wire money. Whether the fraudster succeeds or not, Higdon investigates the incident to determine the fraudster’s identity, learn from the attempt and try to recoup as much as possible of the customer’s money.

Higdon compares these investigations to a spider web—he and his peers follow the threads through different computer systems to find the source. This involves communicating with other banks through the National Cyber Forensics & Training Alliance, a non-profit organization for public and private sectors to collaborate and share information to fight cyber crime. The banks work together to compare information and then stop dangerous transactions.

“Through the alliance, we have connections to other banks and the FBI as well as other domestic and international law enforcement agencies. We share everything that we can regarding these threats,” he said. “Every piece we can share with the other banks and the FBI adds together to create a better case against fraudsters.”


Chris Higdon built his first computer at age 14

Knowing computers definitely got me to where I am now. It helps with investigations by having an understanding of computer fundamentals so I know what I’m seeing in cases.