The Circle of Fraud

ThreatMetrix. 2011 THE CIRCLE OF FRAUD In today's marketplace, online fraudsters have evolved from individuals and small groups, to professional worldwide networks. Just last year, fraud- related e-commerce revenue loss in the U.S. & Canada totaled an astounding $2.7 billion, according to CyberSource's 2011 Fraud Report. Here's an introduction to a typical fraud network and its operating methods. DANA BREACH accesses SAM SPAM purchases scripts from Dana that use fake information to register for social networking sites. the bank accounts full of stolen funds that Work-at- Home Wally set up for her. He then auto-creates many She also writes software THREATMETRIX fake social profiles. 593293 that compromises bank THREATMETRIX 582608 Sam uses the fake profiles, as well as phony Facebook apps, to send spam emails with links to viruses that accounts. The software intercepts user login sessions, enabling Dana to access their accounts. DANA BREACH SAM SPAM infect the recipients' devices. Finally, Dana sells her software to Sam Spam. Once Sam gets paid for every virus that's installed, he passes along the credentials from the infected computers to Connie Compromise. WORK-AT-HOME WALLY CONNIE COMPROMISE receives the stolen goods from Hugo and repackages uses Sam's stolen credentials from virus- infected computers. She is thrilled about the them for Dana Breach. He also transfers money to other bank accounts that recent data breaches by THREATMETRIX THREATMETRIX 236907 686070 organizations like LuzSec and Anonymous-they make her job much easier. Dana can access. WORK-AT- HOME WALLY CONNIE COMPROMISE Connie visits compromised online retailers and steals customers' credit card NOTE: Work-at-Home Wally was unknowingly recruited into this fraud network through a work-at-home scheme. information by using SQL injection attacks. She gathers customers' card numbers and personal information, and sends it to Frederick Fraud. Working overseas, HUGO HACKER uses Frederick's FREDERICK FRAUD is validated, stolen credit cards to tunnel through compromised computers and place online orders a part-time fraudster. He verifies the validity of Connie's stolen credit cards by sending out scripts to target gaming and gambling sites for the purchasing of virtual currencies. for luxury goods. Websites THREATMETRDX 339295 THREATMETRIX won't detect the invasion 382078 HUGO НАСKER because Hugo's IP address FREDERICK FRAUD mirrors that of the compromised computer. The instant transactions Hugo visits online hacker forums, where he pursues information about compromised devices that correspond to his batch of stolen identities. are approved immediately. Frederick tests the virtual currencies, using very little of the available funds, and passes the info on to Hugo Hacker. He uses a drop-ship to send the stolen goods to his cousin in the U.S., Work-at-Home Wally. The fraudsters depicted in this infographic represent a collective problem that requires a collective solution. Companies that prevent fraud, like ThreatMetrix, can easily identify these criminals using sophisticated cookieless device ID techniques that don't rely on personally identifiable information (PII). Here, these fraudsters can be caught without knowing their identity; they're represented simply by a number. Learn more at ThreatMetrix.com.