PYMNTS.com: Fraud University: Class Is In Session21-Jul-2016
Welcome to Fraud Academy 101.
Though we often hear the sentiments that “fraudsters are just like us,” when it comes to getting an education and pursuing a career it could not be more true.
Wannabe cybercriminals looking to make a career in fraud can quickly and easily find the resources that may help them to progress from an amateur hacker to become an integral part of a cybercriminal organization.
In the latest installment of the Anatomy of a Fraud Attack series, Don Bush, VP of Marketing at Kount gave Karen Webster a look inside “Fraud University” and how fraudsters are making sure they have the right education to be the best cybercriminals they can be.
Let’s go inside the mind of a fraudster to get a firsthand account of where many cybercriminals get their start …
And, quite literally, step inside of their mind – painting a picture of the “bizarro” world that, as you’ll see, is one in which the fraudsters do the same things we do – except that it’s illegal.
Gonna Get My Fraud Degree!
Listen up fraudsters, class is in session.
As many before me, at some point it was time to sit down and really think about what I wanted to do with my life, Like many of my peers, I thought about going to college and possibly majoring in Business Management, History, or even Biology. Then it hit me, I knew exactly what degree I wanted: cyberfraud.
Why not? It’s lucrative, especially as more and more transacting – and information – moves online. And, on the internet, no one knows you’re a cybercrook. Well, it sometimes takes merchants a very long time to figure it out, anyway.
Now, you may think becoming a cybercriminal is a much different process than following other career paths, but you’re wrong. I needed training, networking and access to the right resources – the same things most people go to college for.
My answer was Fraud University.
It’s obviously more of a concept than an actual institution of higher learning, but the idea remains the same. In order to be a good cybercriminal, I needed a strong start and to learn from the best.
Through a myriad of online channels, it didn’t take long for me to find the right information to help me learn what I needed to know and to make the right connections with people out in the field.”
It may sound strange to you, but us fraudsters take our work seriously as well.
Our illegal operations are set up and run just like any legitimate business. We have an organizational structure and a hierarchy that can run from executives all the way down to entry-level positions. Keeping things running as smooth, efficient and as undetectable as possible takes a lot of work, and you can’t get that without a strong foundation.
We work just like you, to get accepted in our field, advance and build our careers, create networking opportunities, find things we specialize and excel in, etc.
Fraudster In Training
Getting a job in fraud is really just a matter of finding the right resume-building experience. I think of this just like an internship or any other entry-level position — you start at the bottom, learn the ropes and then try to work your way up to the top.
Think of it like this, in just 15 minutes and for around $1,500 I could have almost everything I need to start putting stolen data on fake payment cards. I could quickly and easily purchase tools like blank plastic cards, a magnetic stripe writer and reader, an imprint machine, etc. To put it simply, the barrier to entry is relatively low and with the help of online resources I was ready to go in no time.
Making it in the fraud game also has a lot to do with who you know.
To you legitimate professionals out there, you can think of it as networking. Fraudsters may not have LinkedIn, but we have our own ways of connecting, knowledge sharing, sourcing work opportunities, and helping each other excel.
We have our own networks where we can get introduced to people who can not only help us find work, but also develop our skillsets along the way.
One of my personal favorite ways to stay abreast with what’s happening in the cybercriminal world is with our industry news websites and newsletters.
Yes, we have those too.
These user-generated publications open the door to being able to learn about the latest and hottest fraud topics, “how to” guides, seminars on fraud techniques and relevant industry updates. From articles like “How To Get A Polish Identity” since that’s a quick ticket to cyberfraud action to “How To Become A Pro Carder,” we fraudsters take pride in keeping up to date with industry knowledge that can help us to advance our careers.
While some courses are free and others cost money, the point is that they are out there and available to use. This type of information helps us become smarter and more sophisticated by being able to share techniques, find new revenue streams and help others make their own way into the business.
It’s all about learning, growing and profiting with fraud.
The best thing is that these sites probably won’t be going anywhere anytime soon. Authorities and law enforcement agencies from around the globe just don’t know where to start when it comes to shutting us down. So, we hardly ever get caught.
And if we do, figuring out who brings the charges, well that takes too long. We know that it’s difficult for authorities to determine who has jurisdiction over a crime and who has the resources and expertise to actually address it. Unless I am in it for more than $250k at a time, the Feds don’t have the time – they have bigger fish to fry.
Tools Of The Trade
One of the biggest advantages we have is the fact that we are dispersed all over the world.
We’re able to make cybercrime work from pretty much anywhere as long as we have a solid internet connection.
We have plenty of ways to stay connected.
Chat rooms, social sites and networks, just to name a few. These online havens allow us to collaborate about what we are working on and share ways for us all to learn and get ahead.
People think of us as one-off hackers sitting in a dark room playing around, but that’s just not how it is anymore.
We’re professionals. And while we continue to build up our arsenal of skills, we also learn to specialize in different areas and tactics. Whether you enjoy reselling credit card information or stealing online identities, there’s a place for you in our ranks.
Lucky for us, we are able to innovate our activities while also relying on older methods of cybercrime.
The reason why we’re still sending fake emails and scams from “PayPal” and “Nigerian princes” to get your financial data is because it still works.
If it’s not broken, why fix it?
Just like bots, Trojans and malware, if it works successfully then we will keep on using it time and time again.
Selling account and payment data online has seen a big surge in recent years because of the number of data breaches, but we have our eyes on new high-value assets.
Those high-value assets? Personal data. Who needs card numbers when I can get personal information to open accounts and go to town.
With that personal information we can do so much more damage – open new accounts, have additional payment cards sent out, do complete account takeovers and more.
Knowing where you work, how much you make, your Social Security number and a bunch of other personal data opens huge doors for cybercrime.
My new favorite technique involves making synthetic IDs, which Bush describes as a Frankenstein of digital information.
I get a credit card from one area, a proxy from another area and a shipping address from another area. I’ve got all this information and I built this persona of a person who doesn’t exist, but electronically it looks real.
Not only are we getting more innovative, but we’re doing it faster than you think.
The career of a fraudster is a path of ongoing education.
Oh, and our class sizes are only getting bigger.