Published on April 2nd, 2020
COVID-19 hurts travel fraudsters, but buoys traffickers of stolen card info
Just as legitimate businesses have had to make major adjustments to the realities of COVID-19, the cybercriminal underground economy has also had to stay nimble. Indeed, a new dark web report from Digital Shadows' Photon Research Team shows that some hacking forum members are struggling to keep their cybercriminal operations afloat, while others see new opportunities to scam the public.
Among the hardest hit cybercriminal operations are travel- and event-related fraud, bank fraud schemes that require a drop network of money mules, and "carded goods" scams that rely on Amazon warehousing services for distribution, the Digital Shadows report states.
But on the bright side for cybercriminals, a drastic increase in online browsing and shopping activity opens the door to online carding schemes and malware distribution. Separate research from TransUnion, released late last March, appears to back up this notion. In a press release, the company noted a 23 percent increase in global e-commerce transactions in the week following the World Health Organization's March 11 COVID-19 pandemic declaration. And in a TransUnion survey of 1,068 American adults, 22 percent of respondents said they were targeted by digital fraud related to COVID-19.
The reason travel and event fraud is foundering isn't particularly hard to deduce: few people are traveling and large gatherings like sporting events and concerts have been cancelled.
While examining Verified, a Russian-language cybercrime forum, Digital Shadows observed a user who complained in a post that "people are afraid of flying and the borders are closed." Another said "everything is closed for 2 weeks" (a rather optimistic projection). And a third user, who said he's engaged in travel and hotel fraud since 2012, said he was "without earnings for an indefinite period" on a thread he titled "find a job for an old man."
Meanwhile, bank fraud schemes are suffering either because money mules or drop workers (whose job it is to collect funds that are fraudulently deposited into attacker-controlled accounts) have placed themselves in quarantine, or because the bank branch location they would normally visit is closed. One Verified forum member said that drop workers in Spain and Italy were "afraid to leave the house."
Finally, some cybercriminals engaging in carded goods schemes (buying merchandise using stolen credit card data and then selling it online at a reduced price) are noting that they are unable to abuse Amazon to advance their schemes because the Fulfillment by Amazon service is only accepting household staples, medical supplies and other high-demand products until at least April 5. Digital Shadows says one Verified forum user grumbled that he or she was "forced to stop buying all illiquid assets" and was experiencing delivery issues due to "the panic over the coronavirus…"
On the flip side, a forum user reportedly said that the likely rise in online card transactions due to COVID-19 would be a boon to online carding (the trafficking of credit card, bank account and other personal info online) because "the greater the volume and diversity of transactions, the more difficult it is to attribute fraud."
And a member of the Russian- and English-language carding forum Club2CRD predicted that rampant internet use will also help cybercriminals who specialize in rerouting internet traffic to malicious domains to infect victims with malware.
Indeed, it was recently reported that malicious actors have been hijacking home routers from D-Link and Linksys and changing their DNS configurations in order to redirect Windows computer users to malicious content, in the form of a fake alert from the World Health Organization. The alert instructs readers to download a supposed COVID-19 information app that in reality is the information-stealing malware known as Oski.
The Digital Shadows report also notes that some underground vendors have swapped out their usual black-market merchandise with coronavirus medical supplies and equipment or fake cures.
Earlier this week, cyber experts at Armor also noted this same trend in their own dark web report.
"Like organized crime groups, cyber underground criminals, who typically sell drugs such as heroin, cocaine, methadone, and marijuana, are now profiting from the coronavirus pandemic. In the past week, these scammers have started selling Chloroquine, N95 masks, surgical masks for exorbitant prices," Armor stated in its blog post report.
Armor found that the vendors were selling surgical masks and N95 respirators with a 400 to 500 percent markup, and selling test kits for $39 to $44 even though the FDA has not approved at-home test kits.
"Browsing messages and offerings on cybercriminal forums and marketplaces shows that coronavirus truly is proving to be a double-edged sword for threat actors," the Digital Shadows report concludes. "Some enterprising cybercriminals may be relishing the increased earning opportunities that the current crisis will bring them, while others will be aghast at the thought of the swift destruction of the business models and reputations that have taken years to develop."