- The 70+ best Black Friday TV deals 2024: Save up to $2,000
- This AI image generator that went viral for its realistic images gets a major upgrade
- One of the best cheap Android phones I've tested is not a Motorola or Samsung
- The best VPN services for iPhone: Expert tested and reviewed
- Docker Desktop 4.36 | Docker
Cyber-criminals Scammed Each Other Out of Millions in 2022
Cyber-criminals have lost at least $2.5m to scammers on just three underground sites in the past 12 months, according to Sophos.
The UK-based security vendor claimed that this “sub-economy,” in which cyber-criminals effectively defraud each other, has become big business.
In the first part of its new report, The scammers who scam scammers on cybercrime forums, Sophos senior threat researcher, Matt Wixey, claimed that the problem is now so acute that forum admins have created dedicated “arbitration rooms.”
“Personal beefs, rivalries and wanting to destroy (or sometimes enhance) reputations can all result in scams. And it’s not just small-time crooks. We saw prominent threat actors either accused of scamming or falling victim to scams themselves,” Wixey continued.
“We saw referral cons, fake data leaks and tools, typosquatting, phishing, ‘alt rep’ scams (the use of sockpuppets to artificially inflate reputation scores), fake guarantors, blackmail, impersonated accounts and backdoored malware. We even found instances where threat actors got revenge by scamming the scammers who scammed them.”
The report looked at three popular underground sites: Exploit and XSS, two Russian-language cybercrime forums that provide access-as-a-service (AaaS) listings, and the English language BreachForums, which specializes in data leaks.
Over 12 months, Sophos investigated 600 scams passing through arbitration on these sites, with claims ranging from $2 to $160,000.
Wixey argued that analyzing these disputes is a useful way to glean insight into cyber-criminals’ tactical and strategic priorities, rivals and alliances, and their susceptibility to deception.
“Threat actors are aware that criminal forums are monitored, and so often employ good operational security. When they’re victims of crime themselves – well, not so much,” he added.
“Because forum rules demand proof to support scam allegations, wronged threat actors will often happily post screenshots of private conversations and source code, identifiers, transactions, chat logs, and blow-by-blow accounts of negotiations, sales, and troubleshooting.”
Sometimes scammers create entire fake sites. Wixey claimed his research uncovered one group which built 20 imitation sites, including one that spoofed the popular Genesis Market. The ruse was to trick interested parties into handing over a $100 ‘activation fee’ to participate.