Credit card fraud gangs are becoming more strategic in their efforts to exploit the public. These groups are expanding their operation to create remote learning courses, teaching potential fraudsters how to succeed, according to a new report from Digital Shadows.
In a report released this week, Digital Shadows combed through hundreds of criminal forums and consistently found the trend of remote learning to train future criminals popping up. These “classes” are aimed at Russian speakers and tend to be six weeks long and include webinars, detailed notes, and lectures from professionals, all for $945. It promises the reader to make nearly $12,000 a month, many times more than the average monthly Russian income ($700).
The report highlights that social engineering is given a heavy emphasis in the courses. Eager students will learn how to manipulate victims through knowledge of their local area in order to build rapport with the target and trick them into exposing information (such as PIN numbers), usually over the phone. As one instructor says, “that’s why I always advise to watch the news because with such incidents, it is possible to play beautifully.”
The cybercrime underground has a long history of sharing information and tactics, and this latest evolution of it looks like a direct response to the efforts that card issuers, banks, and other target organizations have made to stop fraud and cybercrime.
“The card companies have developed sophisticated anti-fraud measures and high-quality training like this can be seen as a reaction to this,” said Rick Holland, vice president of strategy at Digital Shadows. “Unfortunately, it’s a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers. However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust their defenses accordingly.”
The report’s research showed that there are four main groups where credit card criminals tend to fall:
- Card Data Harvesters: These are the people who go out and get the card information maliciously, whether it is through skimming, malware or social engineering.
- Distributors: These are the individuals who repackage and sell the card information. Typically, they are the ones who stand to make the most money.
- Fraudsters: These are the individuals who commit the fraud, making purchases on others credit cards.
- Monetization: This is a little more complicated, the report states “There are many different roles within the stage, including those who have been duped into operating drop addresses and those involved in the reselling of fraudulently acquired goods”
EMV-chip enabled cards have helped protect consumers from more physical card fraud (like skimmers) but many merchants in the United States have not fully integrated EMV-chip functionality in their payment systems, leaving consumers exposed to potential fraud.
The report includes tips for consumers recommending that consumers protect their PIN, check their statements thoroughly, be picky about who they online shop with and exercise extra caution when making online travel bookings that seem “too good to be true”.