The Business of Fraud: Online Retail Fraud in the Criminal Underground
Recorded Future analyzed current data from the Recorded Future® Platform, as well as dark web and open-source intelligence (OSINT) sources, to review the current landscape of online scams and fraud schemes popular among threat actors. This report will be of most interest to anti-fraud specialists and network defenders, security researchers, and executives charged with security and with fraud risk management and mitigation. This report expands upon findings presented in the first report of Insikt Group's fraud series, "The Business of Fraud: An Overview of How Cybercrime Gets Monetized".
Executive Summary
Online retail fraud is a persistent, multifaceted threat to businesses of all sizes and their customers and is likely to persist for the foreseeable future as consumers engage more with online retailers and shop more online versus at traditional “brick and mortar” stores. Also called e-commerce fraud, online retail fraud is the act of committing some form of fraud, such as a fraudulent transaction, on a web-based retail platform. Generally, cybercriminals will use stolen payment or account information to conduct these transactions. Some elements of online retail fraud also involve social engineering schemes that look to defraud a retail platform directly, as is the case with refunding scams against a retailer's customer service branch, or a third party, such as interception fraud or scams that target shipping companies.
Threat actors engaging in online retail fraud discuss the topic in multiple languages, primarily English, Russian, and Chinese. They share methods, offer tutorials and guides, and sell various goods and services ranging from significantly discounted stolen gift card information to all-inclusive refunding services targeting major retailers. Where major online retailers have implemented various methods of anti-fraud mitigation, threat actors often devise techniques to bypass these measures, namely through anti-detection (anti-detect) browsers.
Key Judgments
- Online retail fraud will likely increase in the future as e-commerce platforms continue to grow in the coming years.
- We believe that threat actors will continue to demonstrate flexibility, adaptability, and opportunism amid a shifting e-commerce landscape, targeting emerging retail opportunities such as curbside pickup.
- Gift card fraud is its own type of service across the dark web and a way for cybercriminals to steal and launder money. Threat actors who specialize in gift card fraud operate dedicated shops due to its high demand.
- Refund fraud, or refunding for short, is both an entryway for threat actors to establish credibility on criminal forums and a growing avenue for threat actors to engage in criminal services against online retailers through social engineering.
- We believe that cybercriminals will continue developing and using anti-detection tools to circumvent organizations’ security mechanisms.
Editor's Note: This post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.