In our latest episode, Anonymous X shares ideas on how people get started with online fraud.
A few weeks ago, we spoke to a fraudster whom we nicknamed Anonymous Y. This time, we chatted with another career criminal who we’ll call Anonymous X.
In this episode, we really wanted to understand more about how fraudsters get started in the game, and what it could mean for protecting your business.
We learned a lot during this 30-minute conversation, and here are 5 points to take home with you:
Beginner Fraud Guides Aren’t Exactly Actionable
The first thing we learned is that wannabe fraudsters don’t have it easy. The whole cottage industry of fraud guides and ebooks is more or less a scam. As Anonymous X puts it:
“Usually, a tutorial or a guide is being created when the method doesn’t work so well anymore. I would say that, in many cases, when the method is not about a very specific target site with a very specific method describing very specific tools, then, you know, if it’s more general, usually they tend to stick longer.”
What fraudsters will find in these guides are therefore more general guidelines, but it’s still an incentive for them to put in the work in themselves:
“When we talk about guides for bonus abuse or, you know, guides where you apply with stolen identities for credit, usually it’s more about which side has not a very strict protection system in place. And I would say that definitely, it’s the general tutorials and guides which are less saturated.”
Forums and Telegram Are Where the Best Information Can Be Found…
Anonymous X goes on to explain that there is, however, a handful of reliable English-speaking fraud forums on the clearnet.
“Yes, there are some English-speaking forums which are still useful, and they haven’t been shut down by the law enforcement agencies. I would say (..) the forums which are connected to card and dump shops.”
They then list a dozen website names, which we won’t print here, but are easily found with a quick Google search. As for Telegram:
“I think the different Telegram channels are also quite useful and usually those previously mentioned webshops were Telegram channels where it’s free to join. They usually provide some free tips and guides so you can just look them up. You search Telegram there with the shop name and then you can find a community channel usually.”
The increasing popularity of Telegram for fraud chats is also a topic that Anonymous Y mentioned in their interview.
…. But The Knowledge is Rarely Offered for Free
Of course, fraudsters aren’t in that line of work because they think it’s noble. They value their knowledge and have no qualms about selling it to others. This is why the surest way to get started is to buy your way in. As Anonymous X puts it:
“It is usually quite straightforward. You have to deposit a specific amount of money, which you can then spend. But that’s kind of like a filter where, you know, starters are basically just blocked because they don’t invest $500 to enter a shop. And I think it’s quite efficient, because it’s just how the world works. So obviously someone who is, you know, a leecher, then they won’t invest anything upfront. So, it’s better to keep those places for the big, big players.”
For Advanced Criminals, Cooperation is the Name of the Game
One of the most fascinating sections of the interview focuses on how fraudsters organize around a target. This is what Anonymous X said about joining specialist Telegram channels:
“I would say that they are incredibly hard to get access to, because the people who are already in it will do their best to only get in people who we are providing value to that community. These closed chat groups are usually created for the purpose of exchanging ideas, goods, and services. So, you know, maybe someone is good at getting stolen credit card numbers. Someone is good at verifying those numbers. They create like a mini-community, a mini-ecosystem around getting data, using the data. Maybe it can even go on to be about laundering money.”
Fraudsters in Different Locations Have Different Skill Sets
The way Anonymous X sees it, attacking a site is a lot like starting a business. And they know how to source talent from different sources.
“When you create a business you will ask people to do services and products to make it work. That’s how they can scale up very quickly and, you know, they are very, very dominant in specific regions. So, I would say US fraudsters might not be that sophisticated. Usually, they are targeting US merchants or US sites from abroad. But there are strong groups in Brazil, Colombia, Mexico, South Africa and Vietnam and Japan.”
Then there is, of course, the overlap with cybercrime, which is still dominated by Eastern European groups.
I think the different Telegram channels are also quite useful and usually those previously mentioned webshops were Telegram channels where it's free to join. They usually provide some free tips and guides so you can just look them up. Share on X“I also can say that the Russian cybercrime ecosystem is very strong, too, and Ukrainian as well. But they don’t really target Russian or Ukrainian companies. They usually target western companies, and they are not so much into the carding and fraudulent operations. They’re more into hacking, which requires a more in-depth skill set of programming and social engineering.”
How to Organize RiskOps Against FraudOps
As mentioned at the top of this post, Anonymous X shared some fascinating insights in our interview, including many more such as:
- How fraudsters think about fraud management
- A typical journey from wannabe fraudster to vendor
- Technical tools of the trade
- And much more…
And the biggest takeaway is probably the fact that fraudsters aren’t scared to organize. It’s something we’ve covered in our fraud trends for 2021, and what businesses should be ready to fight against.
You might also be interested in reading about:
- SEON: How to Apply for a Loan with Stolen ID
- SEON: Browser Spoofing: How it Works & for Fraud Detection
- SEON: Device Spoofing: How it Works & for Fraud Detection
Learn more about:
Data Enrichment | Browser Fingerprinting | Device Fingerprinting | Fraud Detection API