The Fraudster’s Greatest Liability
As innovative as they often seem, modern digital fraudsters also continue to rely on a familiar suite of tools and tactics.
Modern digital fraudsters are an innovative bunch. Yet, while it’s true they continue to find new and different ways to illegally profit off their illicit actions, they also rely on a core suite of techniques, technologies, and tools that reappear time and time again in attack after attack.
This week, we saw examples of many of these canonical tactics, including phishing, bust-out fraud, shipping scams, SIM Swap Fraud, data breaches, and more.
From Phil Muncaster, writing for Infosecurity Magazine, we learned about holiday phishing:
“Spammers behind one of the most prolific botnets of recent years have begun bombarding users with Christmas-themed phishing lures, according to researchers.”
Meanwhile, the trouble-prone Wells Fargo re-emerged in the news this week, courtesy of the banking giant apparently falling prey to something called “bust out fraud”:
“Wells Fargo estimates it lost more than $2.4 million in a “bust-out” fraud scheme that allegedly compromised more than 900 of its accounts through impersonating customers, according to a federal grand jury indictment filed Dec. 19.”
From CNBC, we learned about a particularly insidious form of shipping fraud that involves something known as a “car wrap” scam. Apparently, students are being specifically targeted:
“Such ‘car wrap’ scams work this way: Fraudsters send checks to college students to deposit into their bank accounts, and then request the student send back some of the money so a ‘specialist’ can put the ads on the car. Here’s the catch: That check the scammer sent is a fake.”
(To learn more about shipping fraud, and the car wrap use case in particular, please read this blog post and download this case study!)
Our next example of a canonical fraud tactic comes from Kenya’s The Standard, where we learned about significant financial losses suffered in a SIM Swap Fraud attack:
Last but not least, as reported by The Verge, we got news of another major data breach:
“Credit card and debit card numbers, expiration dates and customers’ names on the cards used at its in-store registers and gas pumps were among the data affected.”
Data breaches aren’t always understood to be fraud tactics, but it’s an enormous mistake not to consider them as such, because the data leaked in a breach almost inevitably becomes the raw material for future fraud attacks.
We mentioned at the start of this post that modern fraudsters are innovators, so while we’ve only been discussing familiar and fundamental fraud tactics so far, we felt it only right that we add an example of an innovative new tactic:
“Add another entry to the list of internet-connected devices causing problems in unexpected places. Touchscreen smart TVs from DTEN, a ‘certified hardware provider’ for popular video conferencing service Zoom, have flaws that hackers could use to essentially bug conference rooms, lift video feeds, or nab notes written on the device’s digital whiteboard.”
We’ll close out this week’s edition of This Week in Fraud Trends with a quote from someone who knows a little something about fraud:
“The fraudster’s greatest liability is the certainty that the fraud is too clever to be detected.” — Louis J. Freeh, 5th Director of the Federal Bureau of Investigation
Please join us next week for another edition of This Week in Fraud Trends, as we explore which fraudsters are trying to be too clever, and how they’re being stopped!
