People have been getting scammed over the internet ever since they started logging on. While it might not surprise many that cybercriminals are not above scamming their own kind, one would think there might be some unspoken rule not to target their own — honor among thieves. However, a new report by Sophos suggests otherwise.
Cybercriminals have their own justice system of sorts, where administrators ban scammers and stop them from using the forum where they interact with other hackers. However, that’s not enough to stop some. Here is how they fall victim to the same scams they employ.
Matt Wixey — the senior threat researcher at Sophos — states how the company monitored website marketplaces where cybercriminals conduct business with each other. The investigation mainly focused on three websites. The first one is BreachForums, an English forum that replaced RaidForums, which was shut down by U.S. law enforcement.
The other two are Russian websites — Exploit and XSS. Wixey explains cybercriminals use these marketplaces to sell malware, hire other criminals to help with work, or auction credit card information. However, many of these transactions go awry, and as the report indicates, the irony is lost on the perpetrators.
The report mentions scamming crimes of this sort have been going on for years but are not widely investigated due to it happening to other criminals. These cybercrimes have formed a big business and have become a sub-economy. Cybercriminals have lost
Wixey also mentions that the reason
These scams have gotten so bad that the forums' administrators have started to step in. All three of the websites have arbitration rooms. This is where scamming victims can file complaint reports and moan about incidents to the marketplace admins.
In the report, Wixey shows many screenshots of the scams witnessed. One of the most common
However, there were also more elaborate and complex scams,
Wixey says that scam reports were filed for as little as $2, and in one extreme case, someone was scammed out of $130,000. This scenario involved someone selling a Windows kernel exploit. The seller handed the exploit over to the buyer with the agreement they would test it and then send payment.
However, at every stage, the buyer had excuses for not paying. The scam report was filed two months after the tradeoff and the seller had still not received payment. The victim stated they had done business with the buyer in the past and that some trust was involved.
A serious case of instant karma appeared in part two of the report Sophos released. This incident involved a cybercriminal buying a
Scams that target cryptocurrency —
The forum admins are aware of this scamming situation and
BreachForums took this one step further and posted a list of legitimate domain names it uses with a transparency report to show people it still has control of the website. Wixey says that most forums urge users to employ guarantors. These middlemen can help cybercriminals avoid being scammed.
However, this method might be ineffective, as Wixey has mentioned seeing scam reports about fake intermediaries. Wixey says the main way of dealing with these scams is the dedicated arbitration rooms that have been created. The reason why scammers getting scammed is relevant is due to the evidence they provide.
Admins require proof to take scam claims seriously. Typically cybercriminals are very cautious, especially on forums. However, Wixey says caution flies out the window when they are the ones being scammed.
They are happy enough to provide evidence such as screenshots of private conversations, chat logs, negotiations, identifiers and source codes. Wixey states these scam reports are filled with extensive intelligence that can be used to provide insight into how cybercriminals operate and interact with one another.
All this can be utilized to better understand and catch threat actors. Wixey mentions that monitoring these scam reports brought to light a large elaborate scam involving creating a fake replica of one of these marketplaces. When users tried to join this site — thinking it was the real deal — a $100 activation fee would greet them. Wixey and his team dug further into this scam and found another 19 websites created by the same group that functioned similarly.
The irony of scamming a scammer is lost on these threat actors. Although scam reports can be considered humorous, they also serve as a valuable asset to help apprehend these criminals. Unfortunately, many innocent people have fallen victim to scams, but it’s somewhat comforting to know that scammers fall for them, too.