GoDubai
  
  
  
  
Citylife > Press Release
  Home Contact us Add to Favourites
Most Recent Postings
More Press Releses
Featured Sections

Event Finder
A daily roundup of exhibitions, promotions and other events in Dubai and the rest of the Emirates.
Submit an Event
Latest Dubai Press Releases >> Banking and Investments

 
  Share
  • Reveals step up in sophistication with Russian language e-learning courses, allowing aspiring criminals to make $12k in monthly earnings
  • A snapshot of just two of the most popular criminal forums finds 1.2 million card holder details are on sale
Dubai, UAE, July 20, 2017:   Digital Shadows, the industry leader in digital risk management, today reveals the findings of an in-depth study carried out by its team of multilingual analysts assessing the changing habits and tactics of organized credit card fraud gangs. It points to increased sophistication of a professional ecosystem as fraudsters seek to up-skill themselves and novice would-be cyber criminals.
 
By analyzing hundreds of criminal forums, Digital Shadows discovered a new trend in the form of remote learning ‘schools'. Available to Russian speakers only, these six-week courses comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material. In exchange for RUB 45,000 ($745) (plus $200 for course fees), aspiring cyber criminals have the potential to make $12k a month, based on a standard 40-hour working week. Given the average Russian monthly wage is less than $700 a month  it means cybercriminals could make nearly 17x more than a ‘legitimate' job.
 
Interestingly, a criminal ‘code' appears to exist on many of the Russian-origin carding forums, whereby no Russian card details are permitted for sale.
 
The criminals are going after a potentially lucrative market. In just two of the most popular ‘carding' forums nearly 1.2 million card holder details are on sale for an average of $6 each. However, prices do vary dependent on the level of security associated with the card and cardholder. The least expensive cards are those requiring further authentication to ‘cash out'. The main obstacle to this is the PIN of the cardholder, which can be tricky and time-consuming to find out. Therefore, there exist automated services which call cardholders in the Middle East in an attempt to scam their details using social engineering techniques.
 
Social engineering is given a heavy emphasis in the courses. Advice is given on how to manipulate people through knowledge of their local area in order to build rapport with the target and trick them into exposing information (such as PIN numbers), usually over the phone. As the instructor puts it “that's why I always advise to watch the news because with such incidents, it is possible to play beautifully.”
 
“The card companies have developed sophisticated anti-fraud measures and high quality training like this can be seen as a reaction to this”, said Rick Holland, VP Strategy at Digital Shadows. “Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers. However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust their defenses accordingly.”
 
The research found that credit card criminals fall into four main groups (with some overlapping between each)
  • Payment Card Data Harvesters - do the ‘dirty work' in terms of harvesting the payment card information. This is done through intercepting card holder's information whether this be through point of sale malware, skimming devices, phishing, breached databases, or through operating botnets
  • Distributors – are the ‘middle men' who typically make the most money. While the criminals who harvest may use the card data themselves, they also sell it on to others who will package, repackage and sell on the card information
  • Fraudsters - run the most risk in terms of getting caught by law enforcement or being conned by fellow criminals. Once fraudsters have acquired payment card information from their distributor, the fraud can happen. These individuals tend to be less technical and attract a lower calibre of cybercriminal, often relying on online guides and courses to learn the latest techniques
  • Monetization - There are many different roles within the stage, including those who have been duped into operating drop addresses and those involved in the reselling of fraudulently acquired goods.
Rick Holland, VP Strategy at Digital Shadows continues: “This ecosystem is highly complex and international. At each stage, it creates victims – from the card industry that loses $24 billion a year to consumers who are frequently duped into revealing their card details. One of the key themes that stood out for us is the level of ‘social engineering' criminals are now using. Aggressive and manipulative phone calls to victims to reveal PIN numbers is just one example of this.”
 
Digital Shadows offers the following five tips for consumers:
  1. Don't be part of a cashing out scam. Be wary of job postings offering well-paid jobs to re-ship goods, often offering to work from home. Fraudsters go to great lengths to make these companies look legitimate.
  2. Protect your PIN. Never share your PIN over email of phone, no matter who says they are calling.
  3. Be picky about who you shop with. If shopping somewhere new, ensure the shop uses 3D Secure.
  4. Take care when booking travel and hotels. Offers that appear too good to be true often are. Act with caution if using a travel agent you have not previously used; this is a common scam for fraudsters.
  5. Check your statements carefully. Check your bank statements carefully for irregular purchases - even those that appear in a nearby location and for small amounts. Alert the bank if you suspect fraudulent activity.
Digital Shadows offers the following five tips for merchants:
  1. Learn about latest techniques. Criminals will do what they can to avoid friction. If certain banks have better anti-fraud measures, the instructors recommend avoiding them. Understand what makes carding difficult. 3D secure, for example is an additional layer of security deployed by Visa and Mastercard, is proven to be a real obstacle for criminals. 
  2. Make security as important as user experience. There must always be a balance between security and user experience, but online merchants should be aware that criminals are turning to mobile apps to commit payment card fraud as it provides them with less obstacles. 
  3. Monitor for mentions of cardable sites. Criminals share lists of cardable sites; if your company name crops up, it's a good indication that you are experiencing fraud. Companies can search with the help of Google Alerts or open source web crawlers like Scrapy to look for mentions of their brands.  
  4. Train your staff and your customers. Remember that the most advanced methods all involved social engineering. 
  5. Don't be part of the problem. Cashing out is only one small part of the fraud; the harvesting of credit card information is required first. Protect your customers' credit card information by storing the information securely and ensuring payment software is patched. 
Digital Shadows offers the following five tips for card providers:
  1. Detect phishing with DNS Twist. Proactively monitor for permutations on your domain name, which could help you to detect any criminal seeking to harvest information from your customers.
  2. Understand threats against your customers. Monitor the activity of banking trojans, such as Trickbot, to identify patterns in their targeting and techniques used to gain access to your customers' computers.
  3. Monitor for AVC shops for BINs and IINs. Monitor for Bank Identification Numbers (BINs) and Issuer Identification Numbers (IINs) that are offered for sale. In many cases, it is possible to free text search and filter by BIN numbers. 
  4. Monitor IRC checking channels. Monitor IRC checking channels for BINs and IINs that are indicative of a criminal testing an individuals' card.
  5. Benchmark yourself against peers. Understand which card providers fraudsters recommend not using, and use this to understand where your company stacks up.



Posted by : GoDubai Editorial Team
Viewed 9614 times
Posted on : Thursday, July 20, 2017  
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of GoDubai.com.
Previous Story : Supreme Legislation Committee reveals Integrated Legislative System's updated strategic plan to supp...
Next Story : Dubai Islamic Bank Group 1st Half 2017 Financial Results
Email this article Print this article

Share this article with your friends and followers
NewsVine

Comments

Back to Top  
Most Viewed Press Release posted in the last 7 days
Treat Your Skin this Summer with Skin Republic's Refreshing Face Masks
Trend Alert! Summer Can Never Be a Forgotten Memory With kate spade
Sacoor Brothers launches FIRST ever Fragrance “GENTLEMAN”
Caudalie The Des Vignes
Get Your Summer Glow From Within
Palmer's Coconut Oil Formula for Body and Hair
Corum Presents La Grande Vie
Caudalie and Al Jalila Foundation Join Hands for the Launch of ‘Glamour for Good'
LG launches new AI-powered premium LG G7 ThinQ+ flagship for GCC consumers
Manero Flyback A Modern Take on a Retro Style
Tissot Lepine It's making a comeback Vintage
The Memovox Adventure
Express Your Signature Style
Blackberry Key2 Available in the Middle East Starting Today
The Rado HyperChrome Skeleton Automatic Chronograph Limited Edition
New short indie movie ‘The Peril' is a wake-up call to parents about internet sa...
Dubai Parks and Resorts and GEMS Education launch the second annual Summer Camp
Manero Peripheral (43 Mm) Classic Watchmaking Meets State -of-the - Art Technology
The Lacoste Family Capbreton Collection
Ferrari takes the “Red Dot: Best of the Best” design award for the fourth year r...
Inaugural class of 50 distinguished Qimam Fellows graduates in Riyadh
OMEGA's second "Speedy Tuesday" sells in 01:53.17
Turkish Airlines signed a significant global agreement with American Express Glo...
Beat the heat with mini dresses
Olivia Burton Watercolour Florals
Sandooq Al Watan and DarkMatter Launch Second Phase of "Emirati Coder"
Ulysse Nardin Salutes Us Navy With Limited Edition Executive Skeleton Tourbillon
Director of Dubai Customs discusses fostering business with South Korean Consul ...
Tridom, Ras Al Khaimah's first indoor adventure park, opens its doors in Manar Mall
UK College of Business & Computing inaugurates its first International campus in DIAC
UAE's Emirates Transport Chooses Oracle Cloud to Drive Rapid Expansion and Deliv...
The most anticipated launch of the year - The new Mercedes-Benz G-Class arrives ...
Open Dairies by Parmigiano Reggiano Consortium: A gastronomical event for touris...
Airbus unveils winners of its ‘Entaliq in KSA' initiative
World-first as the F1® Innovation Prize prepares to transform fan's winning tech...
CCC identifies the digital tech megatrends to construct a future virtual world
DHL Express drives energy efficient solutions with new electric vehicles in Dubai
Enjoy an all-day breakfast at Sophie's Café
CNN's Inside the Middle East explores the rising profile of the Arab film industry
Shopping assistance for Arabic-speaking passengers in the summer months
Etisalat launches region's first ‘Annual Add-on' data packs
Union Coop's ‘Final Reduction' Success leads to ‘Flash Sale' Promotion to deligh...
Outstanding Guide programme launched by Sharjah Museums Authority
Al-Futtaim Toyota delivers a large fleet of Toyota Camry Hybrid Electric Hybrid ...
Milestone Landscaping LLC registered against the provisions of international qua...
Bachelor of Pharmacy Receives International Certification from ACPE
Launch of PINAR Water - Turkey
Dubai Business Women Council witnesses 28.3% growth in total membership during f...
Emirates makes history with one-off A380 touchdown in Islamabad
Abu Dhabi Airports Celebrates Success at CIPS Middle East Supply Management Awards