Cybercriminals also fall victim to scams, especially on dark web forums. Millions of dollars are transferred from one cybercriminal to another.
But that’s not all: scammed cybercriminals complain. Publicly. And thus expose the secrets of an entire underground economy.
$2.5 million in losses over the last 12 months
Online scams and fraud cost individuals and businesses billions of dollars every year. But good news: the cybercriminals who commit them are themselves not immune.
According to an analysis of underground markets by cybersecurity researchers at Sophos, cybercriminals have lost at least $2.5 million to other dark web scammers over the past 12 months. Only three leading cybercrime forums were included in this study, so the true figure is likely much higher.
For cybercriminals, defrauding cronies is undoubtedly an attractive prospect. There is indeed little risk that the police will get involved. Although some black market moderators offer arbitration procedures if someone is accused of running a scam, the anonymous nature of these cybercriminal forums means that in most cases a scammer risks being banned at worst. from the forum.
Overview of how cybercriminals work
For security researchers, complaints from defrauded cybercriminals are an opportunity to gain insight into how they work, and therefore to have a better understanding of their techniques and how to counter them.
These complaints can also help identify perpetrators. Indeed, while most cybercriminals are careful to conceal their identities, the information they share during the arbitration process can provide clues that could ultimately be used to find out who they really are and track them down.
“As forum rules require evidence to support scam accusations, harmed cybercriminals are quick to post screenshots of private conversations, source code, credentials, transactions, chat logs , and detailed accounts of negotiations or sales,” says Matt Wixey, senior threat researcher at Sophos. “It gives us insight into forum culture, how transactions occur, the tactical and strategic priorities of cybercriminals, their rivals and allies, their susceptibility to deception, as well as intelligence about them.” , he adds.
Meticulously planned scams
Most scams are related to unpaid or undelivered product or service stories. It can also be the delivery of an application that will ultimately turn out to be malware that can steal information or money from the buyer. These scams are called “rip-and-run” because the thief scams their victim and then flees, either deleting the posts or disappearing from the forum altogether.
But some cybercriminals also engage in long-term, meticulously planned scams. For example, in one project, someone created 19 criminal marketplaces and then tricked users into paying a $100 “activation fee” to join. Finally, others engage in scams out of pure malice, because they are angry with another user or because they think they have been victims of a scam.
When these disputes go to arbitration, it often happens that one or both of the parties involved will receive a warning or be banned. On a forum, the ban is even accompanied by the personal information that was submitted at the same time as the complaint. A technique which makes it possible to dissuade other scammers… and which makes the honey of the researchers.
Source: ZDNet.com