What happens when scammers get scammed?

• Sophos examined 600 scams over a year that cost threat actors more than US$ 2.5 million.
• Attackers use classic techniques such as typosquatting, phishing, backdoored malware, and fake marketplaces to carry out their scams against each other.

Scammers continue showing that the wicked never rest. While their objectives—to obtain peoples’ financial and personal information—remain the same, their tactics constantly evolve to keep up with the times. In fact, scammers have upgraded their tactics and skills enough that some of them are even scamming other scammers because they are familiar with the operations, making it easier to avoid detection and get something out of them.

According to a recent report by Sophos, cybercriminals are scamming each other out of millions of dollars and using arbitration to resolve disagreements over the scams. The report also discloses how attackers use time-tested methods, some of which are decades old, to carry out their schemes against one another, including typosquatting, phishing, backdoored malware, and fake marketplaces.

For those unfamiliar with how the techniques work, let’s go through them one by one:

• Typosquatting: A type of attack that targets users who accidentally type the wrong website address into the URL field of their browser. Internet users frequently have no idea they are browsing or making purchases on a fake website. Fraudulent website owners could use this identity theft to deceive customers into giving up their personal information.
• Phishing: A type of online fraud that preys on people by sending them emails that look to be from legitimate companies, such as banks, mortgage lenders, or internet service providers.
• Backdoor malware: A type of malware that circumvents normal authentication processes to gain system access. As a result, remote access is granted to application resources, allowing criminals to run malware updates and execute system commands remotely.
• Fake marketplace: The website serves as a platform for frauds, such as fake goods, catfishing, and even hacking.

Hackers and fraudsters are no longer just skilled software engineers or computer professionals. The ease of technology today means that “noobs” could be responsible for a fraud incident that costs businesses and customers millions of dollars.

In APAC alone, the number of fraud incidences increased by more than doubled (178%) in the first quarter of 2021 compared to the same period in 2020. With increases of 250 percent and 650 percent, respectively, online banking fraud and account takeovers are the two most common occurrence categories.

How scammers are getting scammed

For this report, Sophos X-Ops experts looked to BreachForums, an English-language cybercrime forum and marketplace focusing on data leaks, and Exploit and XSS. Exploit and XSS are Russian-language cybercrime forums that offer Access-as-a-Service (AaaS) listings. There are designated arbitration rooms at all three locations.

The practice of scamming fraudsters is lucrative even though it occasionally results in mayhem among the “plaintiffs and defendants,” with some accused criminals either going dark and not showing up or labelling the complainants themselves “rippers.” Sophos examined 600 scams over the course of a year, with claims ranging from US$ 2 to US$ 160,000, costing threat actors more than US$ 2.5 million between them on just three sites.

Not all scams have purely financial motives. According to Matt Wixey, Senior Security Researcher at Sophos, personal beefs and rivalries were prevalent. Additionally, they discovered instances in which scammers would con the people who had scammed them.

“In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying US$ 250 to join a fake underground forum. The ‘winner’ of the contest received US$ 100,” Wixey added.

Furthermore, Sophos found that the argument and arbitration processes left behind a trove of untapped intelligence that security experts and law enforcement might use to better comprehend and thwart cybercriminal practices.

“Because criminals often need to offer up a lot of evidence when reporting the scams that they themselves have fallen victim to, they provide a wealth of tactical and strategic information about their operations—something which has been an untapped resource until now,” said Wixey. “These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims.”

---

---

---

---