paint-brush
Cybercriminals Fall for Scams Tooby@zacamos
168 reads

Cybercriminals Fall for Scams Too

by Zac AmosJuly 14th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Increasingly, scammers are falling victim to the same tricks they employ and are getting scammed by other scammers. The most common scams are rip-and-run scams, and others include backdoor malware, blackmail, and fake guarantors. Cybercrime forums have even introduced admins to reduce scamming — and since this moderation requires evidence, the scam reports can actually be used to further learn how the scams work.

People Mentioned

Mention Thumbnail
featured image - Cybercriminals Fall for Scams Too
Zac Amos HackerNoon profile picture

People have been getting scammed over the internet ever since they started logging on. While it might not surprise many that cybercriminals are not above scamming their own kind, one would think there might be some unspoken rule not to target their own — honor among thieves. However, a new report by Sophos suggests otherwise.


Cybercriminals have their own justice system of sorts, where administrators ban scammers and stop them from using the forum where they interact with other hackers. However, that’s not enough to stop some. Here is how they fall victim to the same scams they employ.


Scamming Scammers Is a Big Business

Matt Wixey — the senior threat researcher at Sophos — states how the company monitored website marketplaces where cybercriminals conduct business with each other. The investigation mainly focused on three websites. The first one is BreachForums, an English forum that replaced RaidForums, which was shut down by U.S. law enforcement.


The other two are Russian websites — Exploit and XSS. Wixey explains cybercriminals use these marketplaces to sell malware, hire other criminals to help with work, or auction credit card information. However, many of these transactions go awry, and as the report indicates, the irony is lost on the perpetrators.


The report mentions scamming crimes of this sort have been going on for years but are not widely investigated due to it happening to other criminals. These cybercrimes have formed a big business and have become a sub-economy. Cybercriminals have lost more than $2.5 million in the last year across these three forums.


Wixey also mentions that the reason for these online scams is often not about money, as one would naturally assume, but in many cases about rivalries and wanting to destroy reputations or personal beef. He goes on to say that not only small-time cyber criminals commit or fall for these crimes but also prominent threat actors.


These scams have gotten so bad that the forums' administrators have started to step in. All three of the websites have arbitration rooms. This is where scamming victims can file complaint reports and moan about incidents to the marketplace admins.


How Are Scammers Getting Scammed?

In the report, Wixey shows many screenshots of the scams witnessed. One of the most common was rip-and-run scams — where a seller sends the item but the recipient refuses to pay, or the seller receives the money but does not send the item.


However, there were also more elaborate and complex scams, such as backdoor malware, blackmail, and even fake guarantors — someone acting as the transaction’s intermediary. Wixey mentions an instance where a scammer took revenge and scammed the person that scammed them.


Wixey says that scam reports were filed for as little as $2, and in one extreme case, someone was scammed out of $130,000. This scenario involved someone selling a Windows kernel exploit. The seller handed the exploit over to the buyer with the agreement they would test it and then send payment.


However, at every stage, the buyer had excuses for not paying. The scam report was filed two months after the tradeoff and the seller had still not received payment. The victim stated they had done business with the buyer in the past and that some trust was involved.


A serious case of instant karma appeared in part two of the report Sophos released. This incident involved a cybercriminal buying a fake copy of Axie Infinity — a cryptocurrency game — with an uninvited guest attached.


Scams that target cryptocurrency — often called a rug pull — are not new but can be devastating. The idea is to steal the funds legitimate users were transferring. However, this is not how it played out. The seller of the item had inserted backdoor malware into the product. Instead of sending the funds to the person who bought the scam, it was sent to the seller.


Why Scammers Getting Scammed Is Relevant

The forum admins are aware of this scamming situation and have implemented warning signs on their sites to invoke caution from users. Wixey mentions that another marketplace website — Verified — has stated it’s aware of fake links to its site and instead advises users to utilize plugins to detect scams.


BreachForums took this one step further and posted a list of legitimate domain names it uses with a transparency report to show people it still has control of the website. Wixey says that most forums urge users to employ guarantors. These middlemen can help cybercriminals avoid being scammed.


However, this method might be ineffective, as Wixey has mentioned seeing scam reports about fake intermediaries. Wixey says the main way of dealing with these scams is the dedicated arbitration rooms that have been created. The reason why scammers getting scammed is relevant is due to the evidence they provide.


Admins require proof to take scam claims seriously. Typically cybercriminals are very cautious, especially on forums. However, Wixey says caution flies out the window when they are the ones being scammed.


They are happy enough to provide evidence such as screenshots of private conversations, chat logs, negotiations, identifiers and source codes. Wixey states these scam reports are filled with extensive intelligence that can be used to provide insight into how cybercriminals operate and interact with one another.


All this can be utilized to better understand and catch threat actors. Wixey mentions that monitoring these scam reports brought to light a large elaborate scam involving creating a fake replica of one of these marketplaces. When users tried to join this site — thinking it was the real deal — a $100 activation fee would greet them. Wixey and his team dug further into this scam and found another 19 websites created by the same group that functioned similarly.


The Irony in Scamming a Scammer

The irony of scamming a scammer is lost on these threat actors. Although scam reports can be considered humorous, they also serve as a valuable asset to help apprehend these criminals. Unfortunately, many innocent people have fallen victim to scams, but it’s somewhat comforting to know that scammers fall for them, too.