In order to understand how to combat fraud, we sometimes have to think like fraudsters. To that end, we’ve previously purchased travel tickets on the dark web. Today, we’ll apply for a loan with stolen ID.
An important disclaimer: This article is not a guide, and we do not condone illegal activity. Our platform is designed to fight against fraud, which is why we sometimes have to step into fraudsters’ shoes to understand how they work.
It Begins with The Dark Web
As with many other illegal online activities, it starts with the dark web. This is the collection of websites on the internet that are encrypted, not indexed by search engines, and require specific tools and software to access.
The dark web’s main appeal is that it provides anonymity. Using the Tor Browser, you can visit special .onion addresses that are only accessible via its hidden service protocol. Alternatively, fraudsters can use I2P, which makes use of a peer-to-peer-like routing structure.
It is where you will find most illegal marketplaces. However, it should be noted that some marketplaces regularly appear on the clear net, which means you can access them with a standard web browser (Chrome, Safari, Firefox, etc.).
Why Target Loan Companies?
We’ve already written a complete article on why fraudsters love payday and fast-loan companies. But according to the description of a fraudster guide, this is how they see it in their own words:
“Payday and installment loan companies are generally low security as they charge such high interest rates and want to process as many loans as possible. Also due to their nature they are quick to pay out. This makes them ideal targets for loan fraud, and our guide will show you how to make EASY MONEY! Not just limited to payday loans, this guide also works EASY with other loan companies.”
How Easy Is It To Get Started?
While we didn’t actually go through the illegal process ourselves, we gathered enough evidence to prove that loan fraud is rampant. This is how easily we could find everything we needed:
#1 Finding tutorials and tools
After installing the Tor Browser, we had no problem accessing a few known darknet marketplaces. Just browsing the products available revealed that beginner guides abound.
#2 Buying “Fullz”
Fraudsters have coined the term Fullz, referring to a full combo of personal ID details. They usually include a first name, last name, ID documents and optionally a credit card (CC) number.
#3 Validating credit scores
Of course, loan companies try to protect themselves from scams by deploying credit scoring systems. Unfortunately, fraudsters have a way around it. They simply purchase background and credit information with pre-existing high credit scores for their applications, which they pay for with a stolen credit card to avoid unnecessary expenses.
#4 Bypassing IP checks
Another common way to flag fraudsters is to block suspicious IP addresses. Once again, this check is easily fooled simply by purchasing a validated IP address, as shown here with this screenshot of Socks5. It allows anyone to buy from hundreds of UK-based residential IPs:
#5 The bank drop
Loan companies will pay directly into a bank account. Fraudsters can simply purchase one from an illegal marketplace. It will sometimes provide a credit or debit card along with the required IBAN number:
#6 Phone verification
Most online companies will implement 2FA these days, which requires a phone number. Fraudsters can easily download apps from the App Store or Play Store to generate numbers on a “burner” phone – one that is designed not to leave a trace.
#7 The loan application
At this time, fraudsters have already found everything they need. But loan companies sometimes require extra document verification proof showing at least basic information. Since it’s unlikely fraudsters already have the exact paperwork they need, they can simply use an online service that photoshops the right paperwork for them.
#8 Cashing out
Finally, fraudsters will need to wire the loan to the bank drop. Cashing the money out from the bank drop is really easy nowadays. This usually means sending it to a cryptocurrency exchange, where they can buy bitcoins or other currencies, which can be used to continue purchasing goods or more fraud tools.
Conclusion – How to Protect your Loaning Company?
At every step of our research, we were amazed at how easy it would be to defraud loaning companies. No wonder it is one of the verticals most targeted by fraudsters.
But if you are in the industry, don’t despair. Using a combination of tools and processes, you should already have enough data points to create a much more precise picture of who your borrowers are:
- While some points are falsifiable, it’s harder to falsify all of them all of the time. By checking the connections between data points, a good integrated system can find red flags that would otherwise be invisible. This can stem from device fingerprinting, IP scanning or even a user email address.
- A strong precaution is also to maximize what can be done at the credit scoring stage. Using the right combination of tools, it is possible to improve your fraud detection rate without sacrificing user experience.
- Data enrichment: while it is particularly efficient at the credit scoring stage, it’s also possible to perform quick data enrichments for manual review with a tool like SEON’s Intelligence tool.
- Staying on top of fraud trends and doing your own research can also go a long way in understanding attack patterns and preventing them.
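As an added illustration of the first point above (example code written for this edit, not SEON’s product logic), the Python below links loan applications that reuse a device fingerprint, payout account, phone number or IP address under different applicant names. The field names, weights and sample records are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample applications; every value is made up for illustration.
APPLICATIONS = [
    {"id": "A1", "name": "Alice Moor", "email": "alice.moor@example.com",
     "phone": "+447700900001", "device": "fp-91c2", "ip": "198.51.100.7",
     "iban": "GB00TEST00000000000001"},
    {"id": "A2", "name": "Brian Hale", "email": "b.hale@example.org",
     "phone": "+447700900002", "device": "fp-3e7a", "ip": "203.0.113.20",
     "iban": "GB00TEST00000000000002"},
    {"id": "A3", "name": "Carla Voss", "email": "cvoss@example.net",
     "phone": "+447700900003", "device": "fp-91c2", "ip": "203.0.113.99",
     "iban": "GB00TEST00000000000002"},
    {"id": "A4", "name": "Dev Patel", "email": "dev.patel@example.com",
     "phone": "+447700900004", "device": "fp-77b0", "ip": "192.0.2.55",
     "iban": "GB00TEST00000000000004"},
]

# Attributes a genuine borrower rarely shares with strangers, with
# illustrative weights (assumed values; tune them on your own data).
LINK_WEIGHTS = {"device": 40, "iban": 40, "phone": 30, "ip": 10}

def find_red_flags(applications, weights=LINK_WEIGHTS):
    """Return {application id: (score, [reasons])} for linked applications."""
    # Index: attribute -> value -> {normalised identity: application id}
    index = {attr: defaultdict(dict) for attr in weights}
    for app in applications:
        identity = app["name"].strip().lower()
        for attr in weights:
            index[attr][app[attr]][identity] = app["id"]

    results = {}
    for app in applications:
        identity = app["name"].strip().lower()
        score, reasons = 0, []
        for attr, weight in weights.items():
            # Other identities that presented the same value for this attribute.
            others = sorted(aid for ident, aid in index[attr][app[attr]].items()
                            if ident != identity)
            if others:
                score += weight
                reasons.append(f"{attr} shared with {', '.join(others)}")
        if score:
            results[app["id"]] = (min(score, 100), reasons)
    return results

if __name__ == "__main__":
    for app_id, (score, reasons) in sorted(find_red_flags(APPLICATIONS).items()):
        print(app_id, score, reasons)
```

Each application here would pass a per-field check on its own; only the links between A1, A2 and A3 expose the shared device and the shared payout account.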
Finally, at SEON, we are continuously striving to educate fraud managers and organization leaders on the best practices to combat fraud. In September 2019, we will be holding a webinar on the topic. Seats will be filling up fast, so please subscribe to our newsletter for more information.