November 20, 2019
Connect with Pindrop @ re:Invent
Pindrop will be in Las Vegas attending re:Invent 2019 from…
By Jonah Berg-Ganzarain
Credit card fraud gangs are becoming more strategic in their efforts to exploit the public. These groups are expanding their operation to create remote learning courses, teaching potential fraudsters how to succeed, according to a new report from Digital Shadows.
In a report released this week, Digital Shadows combed through hundreds of criminal forums and consistently found the trend of remote learning to train future criminals popping up. These “classes” are aimed at Russian speakers and tend to be six weeks long and include webinars, detailed notes, and lectures from professionals, all for $945. It promises the reader to make nearly $12,000 a month, many times more than the average monthly Russian income ($700).
The report highlights that social engineering is given a heavy emphasis in the courses. Eager students will learn how to manipulate victims through knowledge of their local area in order to build rapport with the target and trick them into exposing information (such as PIN numbers), usually over the phone. As one instructor says, “that’s why I always advise to watch the news because with such incidents, it is possible to play beautifully.”
The cybercrime underground has a long history of sharing information and tactics, and this latest evolution of it looks like a direct response to the efforts that card issuers, banks, and other target organizations have made to stop fraud and cybercrime.
“The card companies have developed sophisticated anti-fraud measures and high-quality training like this can be seen as a reaction to this,” said Rick Holland, vice president of strategy at Digital Shadows. “Unfortunately, it’s a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers. However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust their defenses accordingly.”
The report’s research showed that there are four main groups where credit card criminals tend to fall:
EMV-chip enabled cards have helped protect consumers from more physical card fraud (like skimmers) but many merchants in the United States have not fully integrated EMV-chip functionality in their payment systems, leaving consumers exposed to potential fraud.
The report includes tips for consumers recommending that consumers protect their PIN, check their statements thoroughly, be picky about who they online shop with and exercise extra caution when making online travel bookings that seem “too good to be true”.