In this episode, we contacted Anonymous Y, career fraudster to understand what makes them tick. We’ve got to know how they operate, and what they think of the whole prevention game.
As you can guess, there’s no information about Anonymous Y online. Not on the clearnet anyway, and not under that moniker. We were introduced to them via friends we had met while investigating darknet forums.
As a career fraudster, Anonymous Y had a lot to share about both fraud and fraud prevention. It was a fascinating interview that revealed a lot about how this underworld operates – and there could even be a few insights for fraud managers in there.
#1 Fraudsters Aren’t Safe From Other Fraudsters
When you’re in the business of acting dishonestly, it’s hard to trust anyone. This is probably why many fraudsters tend to act alone, or have trouble building solid long-term business relationships. In fact, there’s a whole subcategory of fraudsters whose expertise lies in taking advantage of wannabe fraudsters.
Then, fraudsters are always worried about navigating traps setup by law enforcement authorities.So many of these sites are honeypots and trying to lock in fraudsters, pushing fraudsters to give out some information so they can help locate them. Click To Tweet
“…and, you know, it’s also about creating communication channels with fraudulent organizations, cybercrime groups. (…) Most of the time is clear that these forums are also run by fraudsters, actually.
So, there’s different services or products and, you know, what happens is they actually try to find people who want to do some fraudulent operations to earn money, but of course, they have to invest money. So, the investment which they make the first time usually will be lost to that.”
#2 Darknet Marketplaces Aren’t Reliable Either
Similarly, fraudsters can never fully rely on marketplaces to buy or sell their wares (more often than not in the form of stolen IDs). They have to pay a fee to register, and are always at the mercy of an exit scam, where the whole marketplace disappears overnight after emptying everyone’s crypto wallets.
“I always use the most popular marketplaces where I can register. I have to pay a fee to be a vendor and then I publish my products and put them in the right categories.
The picture and my contact details describe the products and I’m always jumping on new sites because it’s very important to have a consistent name as a vendor. Of course, I’m thinking about setting up my own website on the TOR network, because, you know, if the marketplaces are getting shut down every second week or so…”
#3 Telegram is The #1 Comms Channel
So how do fraudsters manage their day-to-day operations? It turns out the very popular messaging service Telegram is key. Anonymous Y explains how it got to be the #1 communication channel favoured by fraudsters and cybercriminals:
“In the beginning, we used most of the communication channels made by Russian organizations because they were free for such topics. Later we opened up more to Western markets, the so-called SMP network we utilized, which is a peer-to-peer, decentralized communication network.
You could set up an account in a few clicks, and you had to encrypt your messages, so you could download Suiter and then you could download the plugin (…). Most of the vendors and most of the buyers now moved to telegram because it’s also untraceable and is open source and the code is published on GitHub. You can be quite sure that they wouldn’t release any information about your communications to the authorities.”
In fact, Anonymous Y goes on to say that 95% of his business communications are done via Telegram.
#4 Fraudsters Can Bypass Bad Device Fingerprinting
Every technological innovation is leveraged by both the fraudster side and the anti-fraud teams. While device fingerprinting technology, which looks at a configuration of software and hardware, is a great tool to spot suspicious connections, some fraudsters can check if it’s present on your site.
“So me and my peers, we usually test these tools, and we check our Profile before we try to interact with the target sites. And it’s very easy, actually, to see which protection the provider uses, because usually, they insert the device fingerprinting just there on the front end.
So, if you open the console on the browser, you can see what you are after. You can see which product it is and then you can create an eCommerce store with it. You can actually try to profile your device, IP, your behaviour on that, and so if that product can buy them, you can bypass that protection on your site, that you can just be quite sure that you will pass through.”
#5 But they Have No Time to Create Complex Profiles
However, one of the biggest obstacles for fraudsters (and therefore the best line of defense for businesses) is getting a full picture of the user. This is because creating a whole digital footprint from scratch is time consuming, and not worth the effort for opportunistic attacks.
“You just have to understand that if something takes a lot of time to deal with, like creating fake profiles on the Internet or creating fake Facebook accounts, etc., they wouldn’t do it.
So, fraudsters wouldn’t really mess with that because then it would take more time and they would have a lower hourly fee then maybe going to another site where there are not so strong security measures. What I would say is definitely try to think like fraudsters, you can actually see patterns much easier than not being aware of what is going on on your site.”
Not that we should feel bad for fraudsters, but it’s interesting to see that their business model isn’t exactly stable or secure. They are at the mercy of law enforcement traps, dishonest business relationships, and unreliable marketplaces that can make away with their funds at any moment.
This does reveal one interesting point: fraudsters need to think long and hard about which business they’re going to target. And if you can show that your line of defense is powerful enough to deter them, that’s already half the battle won.
But even the latest techniques like device fingerprinting won’t be much help if they are implemented badly, or by themselves. At the time of writing, full data enrichment is still the way to go, especially when combined with other risk tech. But let’s see how that changes in the upcoming years…
Learn more about our products
Jimmy is the CCO of SEON and brings his in-depth experience of fraud-fighting to assist fraud teams everywhere.