
Where do Fraudsters Learn About New Attacks? From the Good Guys.

To Maximize Profits, Fraudsters Need to do a Whole Lot of Learning.


Fraud provides endless opportunities for the enterprising individuals who commit it. There are many techniques to separate unsuspecting victims from their money, and even more cover stories that allow the fraudsters to implement those techniques. Fraud by nature is a process, and in most cases, an elaborate one. Take, for example, the classic technique of setting up a Phishing attack, logging into the victim’s online banking account and transferring the money to a mule account (an account operated by the fraudster or an associate that is used to accept and cash out fraudulent funds). For the Phishing attack, the fraudster would need a “root” (a hosting server, either hacked or rented with a stolen credit card), a “scam page” (the Phishing kit), a mailing list to spam the Phishing letter to, and a tool that would actually send the spam E-mails. Even before that, he’ll have to find out which bank is the easier target.

Once the Phishing attack is set up and victims’ credentials are collected, he’ll have to log into the bank’s website, probably using a proxy server so as not to arouse suspicion. Then, he’ll have to transfer the money to a pre-determined mule account based on the money transfer policies of the bank. This would require the fraudster to know exactly how much money is safe to transfer without arousing the suspicion of the bank’s fraud department. Getting a mule is no walk in the park either. Most mules are recruited in work-from-home scams, meaning setting up a mule recruitment network, managing the mules, and so on.

The level of sophistication that’s required to commit fraud even in classic schemes, as this example shows, pushed fraudsters to build the underground community. Instead of learning how to do everything, fraudsters learn how to do one thing very well and then offer it as a service to the market. While this arrangement simplifies the fraud process and enables unsophisticated fraudsters to commit fraud, there’s still a big variance in the success rate of whatever each fraudster is doing. A mule network, for example, can be extremely unsophisticated, focusing on social engineering through E-mails, or extremely sophisticated, using a back-office mule management panel and a “front” website of a fake company that is supposedly hiring. The cover stories for each mule network can also vary, from one based on simple cookie-cutter E-mail templates to a custom-written hiring process designed to lure unwitting individuals to sign up as mules. These variances affect the success rate of the scam and therefore how much money the fraudster will be making (either by actually stealing money or through the price he can charge for his service in the underground market).

Looking to maximize their profits, fraudsters need to do a whole lot of learning. They can either learn techniques of areas they have not focused on thus far, learn better techniques in the field they already specialize in, or learn new cover stories to improve the techniques they already use. A lot of this learning is done through trial and error. That’s how fraudsters discover vulnerabilities in banks’ processes that allow them to cash out a lot of money with relatively little effort.

Several years ago, a lot of this learning was also done through their peers in the underground communities. Respected members posted tutorials on specific parts of the fraud process, or on the process in its entirety, while other members opened discussion threads about subjects that interested them. However, as these communities were being shut down by law enforcement, many communities changed and focused strictly on being a platform for underground trading. Tutorials and discussions still exist, but not in the volumes of the past. Fraudsters had to learn from their peers in a different way.

Law enforcement agencies, security companies, reporters and various organizations often blog or write articles about the latest and greatest scams that were observed, in hopes that others learn to better protect themselves. Instead of reading tutorials, fraudsters simply follow these publications to see what other fraudsters are doing. If the technique works, or if they just see potential, they can adopt it for themselves. One fraudster suggested checking out the website of the Internet Crime Complaint Center, an FBI-NW3C partnership that allows victims to file complaints on scams. The website also details an extensive list of Internet crime schemes, which fraudsters can read and learn from. The fraudster suggested picking one that looks nice and thinking of ways to make it more effective and “bulletproof.” In another case, fraudsters listed various blogs of security companies and reporters, with a suggestion to track their various posts.

Fraudsters will always search for new ways to expand their knowledge in the extremely broad field of fraud. Not only do fraudsters show intelligence gathering capabilities from “the enemy” (the banks and the security industry that protects them), but they also use the enemy’s intelligence gathering capabilities to their benefit – improving the sophistication level of their own attacks.
