- A new study examines general bank fraud
- Fraudsters are overtly advertising "fraud lessons"
- Checks remain a prime fraud target
In their new expansion of The Business of Fraud: An Overview of How Cybercrime Gets Monetized, Recorded Future's Insikt Group® -- Recorded Future’s threat research division, comprising analysts and security researchers with deep government, law enforcement, military, and intelligence agency experience -- analyzed current data from the Recorded Future® Platform, dark web and special-access sources, and open-source intelligence (OSINT) between March 2021 and March 2022. The latest report: The Business of Fraud: Bank Fraud, observed and identified exactly how threat actors are conducting and even advertising the following types of bank fraud.
- Wire transfer
Throughout Recorded Future’s “Business of Fraud” series of reports, we have identified many tactics, techniques, and procedures (TTPs) being used by cybercriminals to facilitate online criminal activities. Many of these same TTPs, from harvesting and using compromised personally identifiable information (PII) to social engineering, are also being used to conduct banking and online banking account fraud. In this report, we examined cybercriminal activities around the following types of bank fraud due to their often going overlooked and to identify parallels with other types of financial-related fraud: accounting, loan, check, and wire transfer.
The report's key findings, as cited by Recorded Future:
- Threat actors are offering services and selling how-to guides and tutorials that include instructions on how to manipulate financial records, get approval for loans, and purchase compromised accounts that contain loan application information. Hackers-for-hire include the capability of accessing and manipulating records and documentations in their advertisements.
- Counterfeit checks are still in high demand and are often coupled with threat actors looking to conduct wire transfers or cash out. The means of creating a counterfeit check has become more automated and customized, with threat actors operating shops that focus on this service and whose user interface is easy to follow.
- Threat actors continue to use instant messaging platforms to advertise, negotiate, and sell services and listings that facilitate check, loan, wire transfer, and accounting frauds. These messaging platforms are all-encompassing when compared to the traditional dark web ecosystem (forums, marketplaces, and shops) in that they provide instantaneous communication, greater control in adding and removing listings, and are more readily available.
The Training Game
One of the most disturbing topics explored in the report is the booming business of training fraudsters, and overtly advertising these "classes":
Threat actors are offering services and selling how-to guides and tutorials that include instructions on how to manipulate financial records, get approval for loans, and purchase compromised accounts that contain loan application information. Hackers-for-hire include the capability of accessing and manipulating records and documentations in their advertisements.
We'd reported earlier on YouTube videos that give instructions -- for no stated reason -- on how to scrub ink from checks. It looks as though fraudsters feel safe supplementing fraud income with "educational" materials that share the secrets of the trade.
Checks are a Target
The report recognizes checks as a prime target for fraud:
As fraud is constantly evolving and technology has made significant progress, people can produce fake checks and money orders that are difficult for consumers and even bank employees to identify as fraudulent. In addition, services such as depositing checks via mobile applications (apps) or depositing them online have recently become more widely available, making life easier for bank customers, but also for fraudsters.
ABOVE: "Fogel 2010" looking for partners who can print checks for cashing out (Source: Verified Forum).
The report further explains that criminals utilize dedicated services that offer to create counterfeit checks such as ScanLab -- a dark web shop, which allows its customers to select the desired bank, check type, and amount. The Insikt Group provides a stern warning to financial institutions:
As a majority of bank related fraud involves compromised payment data and accounts, compromised PII data and bypass methods (among others) are used in accounting, loan, checking, and wire transfer fraud types in addition to other forms of fraud. These types of fraud are being actively sought after and advertised across the entirety of the dark web criminal ecosystem, with threat actors continuing to incorporate instant, encrypted messaging platforms into their methods for advertising, discussing, seeking, and selling services and products.
Bad actors continue to search for vulnerabilities within financial institutions to commit fraudulent activities. They are not going at it alone -- and neither should financial institutions when fighting fraud. Financial institutions are partnering with fintech companies to integrate multiple technologies, such as transactional analysis and image-forensic AI, to work in tandem to increase fraud detection capabilities. No bank should "go it alone" when combatting fraud.