Depending on the industry and type of scam, fraudsters monetize credentials and data in a number of ways. While certain industries are familiar with phishing scams and understand how fraudsters monetize their data, it’s not necessarily clear for all industry verticals.
One of the largest, most well-known target of phishing attacks is financial institutions. Fraudsters leverage a number of social engineering scams to steal login credentials and credit card information from financial customers. Fraudsters can then sell stolen credentials and credit card information via social media, chat forums, underground marketplaces, etc. Leveraging anonymizer technology to access the DarkNet, fraudsters are providing buyer’s with a step-by-step guide to easily purchase stolen credentials and credit card information. Fraudsters also sell cloned credit cards at discounted price guaranteeing “promised funds.” In one example, MarkMonitor harvested data from the DarkNet that showed a fraudster was selling 50 stolen credits cards at $400 and 500 cards at $5,000.
What’s less obvious is how fraudsters monetize when targeting non-financial institutions. For example, why would fraudsters target a logistics company? One reason a fraudster targets a logistics company is so they can launder the money to make it useable. The scheme goes like this: the fraudsters gain access to an online account through a phishing site. Once the fraudster can get into an account they send out hundreds or thousands of envelopes – most are empty, but some contain a money order. The envelopes containing a money order are sent to the fraudster’s money mules – people who are responsible for depositing the money and initiating another untraceable money order thereby “laundering” the money. The envelopes that are empty are sent to random addresses, essentially making it difficult for law enforcement to track down the money mules. Overall, while it may not be “obvious” why and how a fraudster monetizes when they target a logistics company, you can be certain of one thing: there is always a motive behind a fraudsters action. Sometimes, the fraudster sends out phishing scams to complete their phishing scam cycle.
If you are starting to notice fraudulent activities targeting your customer base, there is one key question to understand: how are these fraudsters monetizing the data they are stealing?
Fraudsters are continuously evolving their strategies and targets. Phishing attacks may be designed for unexpected purposes, such as: to expand target lists for more phishing attacks, reselling of proprietary information that they’ve stolen, or even to blackmail their victims directly and request money to be sent in the form of bitcoins. It’s important to always consider the different attack vectors and how they relate to your products (think beyond just email scams; it can be social media, mobile apps, etc), understand the value that fraudsters can be generating from your products, and get visibility into how fraudsters are using data stolen from you.
While it may not always be obvious as to why fraudsters are targeting a particular company, thinking about how these fraudsters are potentially monetizing the information is an important consideration to build a better defense and mitigation strategy. Furthermore, it helps the organization understand the right level of investment for stopping attacks and recovering stolen data.