crime

Auto Added by WPeMatico

The SEC and the DOJ just charged this startup founder with fraud, saying he lied to Tiger and others

Today, both the U.S. Department of Justice and the Securities and Exchange Commission charged Manish Lachwani, co-founder of mobile app testing company HeadSpin, with fraud. The SEC says he violated antifraud provisions, and the civil penalties it’s seeking include a permanent injunction, a conduct-based injunction, and to bar him for serving as a corporate executive or board member.

The DOJ, which arrested Lachwani earlier, has accused him of one count of wire fraud and one count of securities fraud, and the associated penalties if he’s found guilty are more harsh, including, for wire fraud, a maximum sentence of 20 years in prison and a fine of $250,000. If he’s found guilty of securities fraud, he faces a maximum sentence of 20 years in prison and a fine of $5,000,000.

Both the the SEC and the DOJ say Lachwani — who led the six-year-old company as CEO until May of last year — defrauded investors out of $80 million by falsely claiming that HeadSpin had “achieved strong and consistent growth in acquiring customers and generating revenue” when he was pitching its Series C round to potential backers.

By the SEC’s telling, his fabrications were designed to help secure the round at a so-called unicorn valuation. That apparent plan worked, too, with Palo Alto-based HeadSpin attracting coverage in Forbes in February of last year after Dell Technologies Capital, Iconiq Capital and Tiger Global provided the company with $60 million in Series C funding at a $1.16 billion valuation. Forbes reported at the time that the valuation was double the valuation investors assigned HeadSpin when it closed its Series B round in October 2018.

The SEC also says that Lachwani was looking to enrich himself, saying he did so “by selling $2.5 million of his HeadSpin shares in a fundraising round during which he made misrepresentations to an existing HeadSpin investor.” (It isn’t clear from its complaint whether the SEC is referring to the Series C or an earlier round.)

The two federal complaints suggest that Lachwani’s alleged scheming to inflate HeadSpin’s valuation dates back to “at least 2018,” and the DOJ says it picked up momentum when the company was fundraising in late 2019.

More specifically, the DOJ complaint alleges that “in materials and presentations to potential investors, Lachwani reported false revenue and overstated key financial metrics of the company … he maintained control over operations, sales, and record-keeping, including invoicing, and he was the final decision-maker on what revenue was booked and included in the company’s financial records.”

In the investigation that led to the DOJ’s charges, the FBI discovered “multiple examples” of Lachwani “instructing employees to include revenue from potential customers that inquired but did not engage HeadSpin, from past customers who no longer did business with HeadSpin, and from existing customers whose business was far less than the reported revenue,” says the department.

How far off were these collective calculations? The complaint says that ultimately, Lachwani “provided investors false information that overstated HeadSpin’s annual recurring revenue … by approximately $51 million to $55 million.”

According to the complaint, Lachwani’s fraud unraveled after the company’s board of directors conducted an internal investigation and revised HeadSpin’s valuation down from $1.1 billion to $300 million. Indeed, in August of last year, The Information reported that the company was planning to lower the value of its Series C stock by nearly 80%.

The outlet reported at the time that Lachwani had already been replaced by another executive. That person, according to LinkedIn, is Rajeev Butani, who joined HeadSpin as its chief sales officer early last year.

Nikesh Arora, a former SoftBank president and the current CEO and chairman of Palo Alto Networks, helped lead the internal review as a then-director on the board of HeadSpin, said The Information.

The SEC says its investigation is continuing. The DOJ similarly notes in its announcement that “a complaint merely alleges that crimes have been committed, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt.”

Either way, the outlook doesn’t look very promising right now for Lachwani, who, according to Forbes, previously sold a mobile cloud business to Google and wound up co-founding HeadSpin after Yahoo co-founder Jerry Yang introduced him to Brien Colwell, a former Palantir and Quora engineer who was working at the time on a different startup.

Colwell remains with HeadSpin as its CTO. He has not been named in either the SEC or the DOJ’s complaints relating to HeadSpin.

The company itself, which says it has been cooperating with the government’s investigation, was also not charged.

Powered by WPeMatico

Fraud protection startup nSure AI raises $6.8M in seed funding

Fraud protection startup nSure AI has raised $6.8 million in seed funding, led by DisruptiveAI, Phoenix Insurance, AXA-backed venture builder Kamet, Moneta Seeds and private investors.

The round will help the company bolster the predictive AI and machine learning algorithms that power nSure AI’s “first of its kind” fraud protection platform. Prior to this round, the company received $550,000 in pre-seed funding from Kamet in March 2019.

The Tel Aviv-headquartered startup, which currently has 16 employees, provides fraud detection for high-risk digital goods, such as electronic gift cards, airline tickets, software and games. While most fraud detection tools analyze each online transaction in an attempt to decide which purchases to approve and decline, nSure AI’s risk engine leverages deep learning techniques to accurately identify fraudulent transactions.

NSure AI, which is backed by insurance company AXA, said it has a 98% approval rating on average for purchases, compared to an industry average of 80%, allowing retailers to recapture nearly $100 billion a year in revenue lost by declining legitimate customers. The company is so confident in its technology that it will accept liability for any fraudulent transaction allowed by the platform.

Founders Alex Zeltcer and Ziv Isaiah started the company after experiencing the unique challenges faced by retailers of digital assets. The first week of their online gift card business found that 40% of sales were fraudulent, resulting in chargebacks. The founders began to develop their own platform for supporting the sale of high-risk digital goods after no other fraud detection service met their needs.

Zeltcer, co-founder and chief executive, said the investment “enables us to register thousands of new merchants, who can feel confident selling higher-risk digital goods, without accepting fraud as a part of business.”

NSure AI, which currently monitors and manages millions of transactions every month, has approved close to $1 billion in volume since going live in 2019.

 

Powered by WPeMatico

Fraud prevention platform Sift raises $50M at over $1B valuation, eyes acquisitions

With the increase of digital transacting over the past year, cybercriminals have been having a field day.

In 2020, complaints of suspected internet crime surged by 61%, to 791,790, according to the FBI’s 2020 Internet Crime Report. Those crimes — ranging from personal and corporate data breaches to credit card fraud, phishing and identity theft — cost victims more than $4.2 billion.

For companies like Sift — which aims to predict and prevent fraud online even more quickly than cybercriminals adopt new tactics — that increase in crime also led to an increase in business.

Last year, the San Francisco-based company assessed risk on more than $250 billion in transactions, double from what it did in 2019. The company has over several hundred customers, including Twitter, Airbnb, Twilio, DoorDash, Wayfair and McDonald’s, as well a global data network of 70 billion events per month.

To meet the surge in demand, Sift said today it has raised $50 million in a funding round that values the company at over $1 billion. Insight Partners led the financing, which included participation from Union Square Ventures and Stripes.

While the company would not reveal hard revenue figures, President and CEO Marc Olesen said that business has tripled since he joined the company in June 2018. Sift was founded out of Y Combinator in 2011, and has raised a total of $157 million over its lifetime.

The company’s “Digital Trust & Safety” platform aims to help merchants not only fight all types of internet fraud and abuse, but to also “reduce friction” for legitimate customers. There’s a fine line apparently between looking out for a merchant and upsetting a customer who is legitimately trying to conduct a transaction.

Sift uses machine learning and artificial intelligence to automatically surmise whether an attempted transaction or interaction with a business online is authentic or potentially problematic.

Image Credits: Sift

One of the things the company has discovered is that fraudsters are often not working alone.

“Fraud vectors are no longer siloed. They are highly innovative and often working in concert,” Olesen said. “We’ve uncovered a number of fraud rings.”

Olesen shared a couple of examples of how the company thwarted fraud incidents last year. One recently involved money laundering through donation sites where fraudsters tested stolen debit and credit cards through fake donation sites at guest checkout.

“By making small donations to themselves, they laundered that money and at the same tested the validity of the stolen cards so they could use it on another site with significantly higher purchases,” he said. 

In another case, the company uncovered fraudsters using Telegram, a social media site, to make services available, such as food delivery, with stolen credentials.

The data that Sift has accumulated since its inception helps the company “act as the central nervous system for fraud teams.” Sift says that its models become more intelligent with every customer that it integrates.

Insight Partners Managing Director Jeff Lieberman, who is a Sift board member, said his firm initially invested in Sift in 2016 because even at that time, it was clear that online fraud was “rapidly growing.” It was growing not just in dollar amounts, he said, but in the number of methods cybercriminals used to steal from consumers and businesses.

Sift has a novel approach to fighting fraud that combines massive data sets with machine learning, and it has a track record of proving its value for hundreds of online businesses,” he wrote via email.

When Olesen and the Sift team started the recent process of fundraising, Insight actually approached them before they started talking to outside investors “because both the product and business fundamentals are so strong, and the growth opportunity is massive,” Lieberman added.

“With more businesses heavily investing in online channels, nearly every one of them needs a solution that can intelligently weed out fraud while ensuring a seamless experience for the 99% of transactions or actions that are legitimate,” he wrote. 

The company plans to use its new capital primarily to expand its product portfolio and to scale its product, engineering and sales teams.

Sift also recently tapped Eu-Gene Sung — who has worked in financial leadership roles at Integral Ad Science, BSE Global and McCann — to serve as its CFO.

As to whether or not that meant an IPO is in Sift’s future, Olesen said that Sung’s experience of taking companies through a growth phase such as what Sift is experiencing would be valuable. The company is also for the first time looking to potentially do some M&A.

“When we think about expanding our portfolio, it’s really a buy/build partner approach,” Olesen said.

Powered by WPeMatico

Enterprise security attackers are one password away from your worst day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cybersecurity industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organizations still use the same technological approaches they did 10 years ago. The world has changed, but cybersecurity hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

The current risks aren’t just technology problems; they’re also problems of people and processes.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cybersecurity industry must rethink its strategy to analyze how credentials are used and stop breaches before they become bigger problems.

It’s all about the credentials

Compromised credentials have long been a primary attack vector, but the problem has only grown worse in the midpandemic world. The acceleration of remote work has increased the attack footprint as organizations struggle to secure their network while employees work from unsecured connections. In April 2020, the FBI said that cybersecurity attacks reported to the organization grew by 400% compared to before the pandemic. Just imagine where that number is now in early 2021.

It only takes one compromised account for an attacker to enter the active directory and create their own credentials. In such an environment, all user accounts should be considered as potentially compromised.

Nearly all of the hundreds of breach reports I’ve read have involved compromised credentials. More than 80% of hacking breaches are now enabled by brute force or the use of lost or stolen credentials, according to the 2020 Data Breach Investigations Report. The most effective and commonly-used strategy is credential stuffing attacks, where digital adversaries break in, exploit the environment, then move laterally to gain higher-level access.

Powered by WPeMatico