Stealing personal data or sensitive information doesn’t always require brute-force cyberattacks or massive data breaches.

Sometimes, it can happen just by having what seems like an innocent conversation with the wrong person. Enter the Sweet-Talking Fraudsters.

These Sweet-Talking Fraudsters don’t always need malicious code or cyberattacks to compromise information, instead their tools of the trade typically involve social engineering and social manipulation.

In the latest episode of the Meet The Fraudsters series, Gilit Saporta, senior fraud analyst at Forter, explains why this particular fraudster profile is one that should not be underestimated.

Whether it’s someone who sparks a conversation with the intention of getting a person to divulge their mother’s maiden name or a fraudster posing as a customer in order to persuade the victim’s bank to change their mailing address, Sweet-Talking Fraudsters are everywhere.

Saporta compared them to the so-called “magicians” in the film “Now You See Me,” who have small talk with someone and, by talking about their childhood, they manage to get that person to say their mother’s maiden name.

Even with very minimal pieces of data, Saporta said it’s easy for these fraudsters to manipulate a customer support representative at an eCommerce establishment or a person’s financial institution.

 

Putting People Skills To Work

For the Sweet-Talking Fraudster, their expertise lies in being friendly and unsuspecting.

Saporta explained that, oftentimes, they will friend a potential victim on Facebook to gather information or even stoop so low as to befriend their child on Facebook, hoping the kid may start chatting about family details.

Any information a Sweet-Talking Fraudster acquires can then be turned around and sold to more sophisticated cybercriminals. In many cases, a Sweet-Talking Fraudster’s lack of technical expertise is offset with their ability to gather data that can be used against both consumers and merchants.

While they may not be the cybercriminals making big-dollar scores or absconding with a lot of merchandise, they perpetrate these actions by selling information to the fraudsters that can.

“Think about the damage that they can do if they sell that information not to just one type of fraudster but to several as they usually do,” Saporta noted.

 

How To Stop The Sweet Talk

The ways in which Sweet-Talking Fraudsters use and sell the data they steal can make their activities very difficult to detect.

Saporta recommended that, in order for merchants to protect themselves from the schemes of this particular fraudster profile, they may have to rely on third-party authentication services.

But picking the right security vendor is key.

“I know of third-party services that will automatically approve any transaction where anyone passes security questions, and merchants need to grow out of this phase,” she explained, because, oftentimes, Sweet-Talking Fraudsters have the information in their possession that can bypass security questions.

Trusting a single point of authentication to safeguard consumers and transactions is a mindset Saporta noted the entire industry needs to let go of.

“It’s always about a constant analytical effort to map the legit behaviors and the fraudulent behaviors in your particular industry,” she said. “Anti-fraud mechanisms are always multi-layered, as they should be. You just can’t rely on a single silver bullet to handle everything.”

 

Versatility is an attribute that many value — that kind of all-around utility player who can substitute for a key player or employee in a pinch.

That’s also the skill set of the “Arch Fraudster,” which makes them efficient as a fraudster and a dangerous nemesis to the online retailer.

In the most recent installment of the Meet The Fraudsters series, Gilit Saporta, senior fraud analyst at Forter, sheds light on this somewhat mysterious but dangerous fraudster profile. When the most sophisticated and advanced — both technologically and analytically — cyberattacks take place, Saporta said Arch Fraudsters are typically the culprits.

“These are the guys who are not necessarily limited to just stolen credit cards or spoofed accounts. They can be very versatile. We can see them using their tech expertise for eCommerce fraud one day and then malware attacks on banks the next,” she explained.

Their versatility is rooted in the Arch Fraudster’s ability to be both tech-savvy and business-savvy, a great combination in an employee but a treacherous combination in a fraudster.

 

The Bigger, Badder Fraudster

Arch Fraudsters have the savviness to move around segments and use different techniques to create problems for all types of online merchants. That, Saporta explained, makes them capable of carrying out a small number of thoroughly planned transactions to buy high-end items one day and then launch thousands of transactions to steal digital goods the next day. Their patience and tech expertise that gives them the ability to move from fraud tactic to fraud tactic also makes them hard to detect — and catch.

But how do these types of fraudsters acquire their skills?

Much like other fraudsters, it’s hard to nail down a single answer for how Arch Fraudsters are able to jump to the head of the cybercriminal ranks.

In many cases, Arch Frausters are just truly more creative and innovative than your average fraudster, Saporta noted.

While some share their insights and expertise on dark net forums, others will deliberately distribute false data to either troll less sophisticated fraudsters or create noise to distract from what they are really up to.

 

Staying Ahead Of The Fraudster Curve

Arch Fraudsters tend to have various motivating factors — obviously, making money, but they also like to prove how far advanced they are compared to the other run-of-the-mill fraudsters. That gives them the incentive to invest the time and money necessary to set up impressive operations and ensure they don’t get caught.

According to Saporta, this can mean purchasing brand new devices and machines for every attack and paying for VPN services to stay hidden behind extra layers of anonymity. Arch Fraudsters are also known for setting up very convincing spoof websites that look almost exactly like established merchants.

Versatile.

It’s no wonder fighting these fraudsters is no easy task.

“I’m always the advocate for automation, but this is an area where I think merchants need a combination of strong automated systems and strong research teams,” Saporta explained, “because if you reach that level of sophistication as a fraudster, then you’re not going to give up.”

In some cases, these cybercriminals will even throw out bait to lure in unsuspecting merchants that may be trying to hunt them down. In turn, these merchants only open themselves up to more vulnerabilities.

Saporta issued a stern warning against merchants trying to independently investigate Arch Fraudsters and looking into dark net forums, even if they get a lead, because it could just be a phishing trap.

“If a merchant feels that they are encountering this level of fraud, then trying to handle it on their own will be very difficult. It’s only with the aid of professional anti-fraud services that it is truly realistic to tackle it.”

 

When it comes to real estate and cybercrime, it seems, it’s all about location, location, location.

With data breaches on the rise and online merchants constantly under threat, retailers may assume the most dangerous fraud attacks are coming at them from the faceless, nameless bad guys all over the world.

True. But cybercriminals are far from only the faceless, nameless group performing their illicit activities from the dark corners of the Earth. In fact, in certain cases, those who are geographically closest to a merchant can be the toughest to combat and among the most dangerous.

The latest installment of the Fraudster Profile Podcast Series, which takes listeners inside the various fraudster personas across a diverse and ever-growing group of cybercriminals, is focused on a very underestimated, but no less dangerous, segment: The Unfriendly Local Fraudster.

 

Why Proximity Matters

Fraudsters are as unique as fingerprints, it seems. Each have their own personalities and characteristics and apply their craft very differently to the online merchant world.

Local fraudsters — the ones that happen to be in the same country or even the same state of the merchants they are looking to scheme — can be a huge challenge to fraud systems.

As explained by Gilit Saporta, fraud analyst at Forter, there is a specific pattern of behavior among domestic fraud criminals.

“These are often the fraudsters who gain from experience after spending some time being a teenage or nonprofessional fraudster. Now, they are trying to make a living of it,” Saporta said.

That’s right: On-the-job training and climbing the corporate ladder are concepts that are alive and well in the cybercriminal world.

One method of attack by these unfriendly local fraudsters is trying to buy as many products as possible in order to quickly resell them, even if that means doing so from the back of a van somewhere, she added.

And though local fraudsters may not always be the most sophisticated, they still have a huge advantage in the form of resources and tools available to them.

“It’s like the fraudster next door who is knocking — that guy can get access to a variety of dropoff points and reshipping options that third-world countries aren’t going to be familiar with. Often, those are the guys who are easier to spot and catch,” Saporta explained.

For example, these local fraudsters know the geography so well — down to getting information about who might have stopped their mail or from Facebook pages about who might be on a family holiday and therefore away — that they can then intercept and change shipping addresses based on that knowledge to legitimate addresses. A package gets delivered on the front porch since no one is home — bad guy makes off with the loot.

In some cases, Saporta pointed out, these fraudsters are able to manage one bad transaction and then get another 10 through the door long before the merchant even realizes the products have been shipped to a legitimate address that may have been “compromised’ or an illegitimate one.

 

When Going Local Goes Bad

Every merchant has unique vulnerabilities.

For some, the unfriendly local fraudster can be the most dangerous type of cyberthreat, while others face a bigger risk from more sophisticated fraudsters.

But Saporta noted that both fashion, as well as electronic and gadget retailers, are repeatedly attacked by domestic fraudsters who are “very serious in their intention to succeed.”

Though there may always be specific red flags associated with unauthorized transactions, in order to detect unfriendly local fraudster attacks, merchants need to keep an eye out for unusual bulk purchases.

To do this, it helps if merchants have a very clear picture of the legitimate behavior characterizing good customers on their website so that a reseller or an affiliate program isn’t mistaken for a local fraudster.

The biggest risk when it comes to this fraudster persona, Saporta explained, is if merchants miss out on an opportunity when they see a rise in sales and site traffic because of the possibility that the increase in orders could possibly be fraudulent.

One of the other unique challenges is that, as local fraudsters mature, they have the potential to progress into being more multichannel fraudsters. Saporta said these unfriendly local types may even begin working in gift card fraud because of how easily they can translate those cards into cash. Some of these more mature fraudsters may also end up being early adopters of technology and go into mobile.

Saporta said that not only do these unfriendly local fraudsters have a more business-like mindset but they are true professionals who know how to cover their tracks and are not afraid to invest in their craft.

“They are really financially — and very likely emotionally — invested in the fraud factories that they are running,” Saporta emphasized. “Just because it’s fraud doesn’t mean it’s not their day job.”

 

We all know teenagers have a tendency to be a bit rebellious.

While some may be skipping school or making prank calls, there’s a growing demographic of teenagers out there with a new, more illicit hobby.

Fraud.

When it comes to fraudsters it’s easy to think of them as a faceless, nameless group of cybercriminals that come out to wreak havoc on payment systems and then retreat back to the hidden corners of the dark web.

But that’s just not the case.

Different segments of fraudsters have very different personas and motivations behind the activities they do.

In the new Fraudster Profile Podcast Series, Karen Webster is joined by Forter fraud analyst Gilit Saporta, who helps us to identify and break down the characteristics and personas within the diverse and ever-growing group of cybercriminals.

The latest installment focuses on a very surprising segment: teen fraudsters.

Just Teens Being Teens?

“With teenagers, we don’t believe that these guys are thinking of themselves as fraudsters to begin with,” Saporta explained, noting that in many cases teens may be exhibiting fraudulent behaviors but just see it as messing around or having fun.

Many teenagers today own smartphones and have an internet connection, so they essentially have the world in the palm of their hands.

With this type of access, they can quickly and easily take up what they think to be a “cool pastime,” such as using stolen credit card credentials to make purchases from their favorite game or seeing how many pizzas they can order before anyone notices.

And surprisingly, teenage fraudsters don’t always fit the mold of a thrill-seeking individual with highly sophisticated computer skills.

Saporta said that oftentimes the fraud attempts of teenage fraudsters take place with stolen card information that they may have picked up from a friend at school or perhaps a family member’s credentials.

“Sometimes you even see teenagers who aren’t that tech-savvy, but more often they have strong social media skills,” she added.

The Cyber Hierarchy

Though the threat posed by teen fraudsters places them on the lower end of the cybercriminal totem pole, the abundance of resources and support from the organized cyber ecosystem can still make them a problem for merchants.

What may be a prank or a game to a teen, still has the potential to cause harm to both merchants and customers alike.

And when these teenage fraudsters mature and decide to take their fraud activities more seriously, Saporta explained, they can certainly become more dangerous.

But the riskiest aspect of teen fraudsters is the fact that their activities can be very difficult to detect.

As Saporta pointed out, it can be hard to differentiate between the legitimate customer who just happens to be a teenager with consent to use a parent’s funding source, versus a teenager who is using a stolen credit card.

In many cases, teens committing fraud may not even realize their activities are fraudulent so they don’t bother to cover their tracks. On the flip side, those who are intentional in their fraudulent activities typically try to get creative when it comes to covering up their crimes, Saporta explained.

It’s not uncommon to see a teenage fraudster using pretty recognizable names – such as William Shakespeare, Justin Timberlake or even Kanye West – which may show they aren’t seriously trying to disguise themselves but may just view the fraudulent transaction as a gag, she added.

Putting Teen Fraudsters To Bed

Though Saporta couldn’t go into too much detail about Forter’s techniques for detecting and shutting down fraud perpetrated by teens, she did share what’s important to keep in mind when seeing these types of activities.

The first step for analysts to differentiate between the legit behavior and the fraudulent behavior of teens is to try to walk a mile in the fraudster’s shoes and to really picture themselves as that teenager looking to commit fraud, intentionally or unintentionally.

Saporta said that while seeing fraud committed at the teenage level is not a new phenomenon, it is one that continues to evolve and grow.

Over the last five years in particular, she’s noted that teens are moving from simply using family members as a source for stolen credit cards to going online to find stolen credentials.

It’s no wonder this trend has emerged, especially with the onslaught of data breaches in recent years that have made compromised payment data more accessible than ever before.

Whether teenage fraudsters grow up to become full-fledged cybercriminals or simply grow out of the rebellious fraudster phase is something that really can’t be generalized, but Saporta noted that the fraud attempts that used to be very easily characterized as coming from teens have continued to evolve to the next level.

It seems as though the well-oiled cybercriminal machine is working a little too well.

But, there’s always a silver lining.

“The good news is that it means many of the fraudsters are going to be demonstrating fairly similar behaviors and tactics,” Saporta pointed out, adding that this means there is also a pattern of bad behavior and good behavior that theoretically can be differentiated and tackled.