Cyber fraud – Unit 4

Cyber fraud
• Cyber fraud refers to any type of deliberate deception for unfair or unlawful
gain that occurs online. The most common form is online credit card theft.
Other common forms of monetary cyber fraud include non delivery of paid
products purchased through online auctions and non delivery of
merchandise or software bought online.
• Cyber fraud also refers to data break-ins, identity theft, and cyber bullying,
all of which are seriously damaging.
 Obtaining financial information
• Cyber Criminals typically obtain credit card data, online banking logins,
and other sensitive financial information using the following techniques:
• Phishing
• Network Intrusion
• Trojan Horses
• Real – world theft
 Obtaining financial information (Cont.,)
Phishing
• It typically involves setting up a fraudulent we site designed to look like the
legitimate website of a bank or other financial institution. These email urge
recipients to click on the link to the fraudulent website. The fraudulent
website records the information entered by the victim and sends it back to
the attacker who either uses the information to access the victims account
or sells the information to other criminals
Network Intrusion:
• Another common method of stealing information involves directly breaking
into the network of a retailer or other possessor of such information. For
example, Lowe’s Hardware and TJX ( the retailing giant that owns the T.J
Maxx ad Marshalls store chains ) fell victim to hackers who accessed their
network via a wireless connection in one of their store parking lots.
 Obtaining financial information (Cont.,)
Trojan Horse:
• One of the most sophisticated types of malicious code is a key logging
Trojan Horse; this program automatically installs itself on the victims
computer and remains dormant until the victim visits one of a
predetermined strings of Website URLs ( for example, a banking website).
The key logger then activates and stores the first few dozens or so
keystrokes entered by the victim ( a string that will include his or her login
password) and then sends it back to the attacker
Real World Theft:
• It is the most popular means of stealing financial information; it includes
such as tactics as installing “skimmers” on ATM machines that record
information from cards inserted in the machine and waiters at restaurant
stealing the information from credit cards used t pay for meals. Often the
thief does ot directly exploits such information but instead sells it online in
batches of dozens, hundreds or even thousands of compromised accounts
Buying/ selling stolen financial information
• Most transaction of stolen information are carried out through methods that
are extremely difficult to monitor. However, a number of active online
carding forums still exists; although almost all of them have some form of
registration, they tend to not engage in detailed ‘vetting’ of new applicants,
and verisign iDefense analyst have been able to gain access to most carding
forums simply by registering for accounts.
• Web sites that trade stolen credit card and other financial information
generally fall into one of the following categories:
o Carding forums
o Dumps vendors
o non carding related forums
o notable carders
 Carding
• “The unauthorized use of credit and debit card account information to
fraudulently purchase goods and services.”
• Dumps - information electronically copied from the magnetic stripe on the
back of credit and debit cards.
– Track 1 is alpha-numeric and contains the customer’s name and
account number
– Track 2 is numeric and contains the account number, expiration date,
the secure code (known as the CVV),and discretionary institution data.
• PIN - Personal Information Number
• BIN - Bank Information Number
• Full Info” or “Fulls” - a package of data about a victim, including for
example address, phone number, social security number, credit or debit
account numbers and PINs, credit history report, mother’s maiden name,
and other personal identifying information
 Types of Carding
• Carding Online
– Using stolen credit cards to purchase goods & services online
– Carding to a drop - having goods sent to another physical address
– Cobs - changing billing address with credit card company
• In-Store Carding
– Presenting a counterfeit credit card that had been encoded with stolen account
information to a cashier at a physical retail store location
– More risky
– Higher level of sophistication
• Cashing
– The act of obtaining money, rather than retail goods and services, with the unauthorized
use of stolen financial information
– Pin Cashing - Using dump information to encode a strip on a card to use at ATMs
• Gift Card Vending
– Purchasing gift cards from retail merchants at their physical stores using counterfeit
credit cards and reselling such cards for a percentage of their actual value
– Sales maybe online or face-to-face
 Carding Forums
• Tutorials on different types of carding-related activities
• Private and public message posting enabling members to buy and sell
blocks of stolen account information and other goods and services
• Hyperlinks for hacking tools and downloadable computer code to assist in
network intrusions;
• Other exploits such as source code for phishing webpages
• Lists of proxies
• Areas designated for naming and banning individuals who steal from other
members
 Carding Websites (all disabled)

• www.shadowcrew.com
• www.carderplanet.com
• www.CCpowerForums.com
• www.theftservices.com
• www.cardersmarket.com
Sample Carding Web Sites
 Dumps Vendors
• A single vendor typically owns websites that only advertise that particular
vendors wares. Some of these vendors have their own URLs, and other set
up shop on popular free hosting services such as yahoo
• Two major dumps (stole credit card and bank account information )
vendors are:
• Http://carders0.tripod.com/: This is Russian language vendor offers
thousands of dumps for sale, as well as plastics (actual forged credit cards)
and forged IDs
• Dump Vendor #3 (URL frequently changes): This vendor sells wares
through a variety of websites hosted by Yahoo. It offers hundreds of dumps
for sale, from a variety of banks and credits. The vendor updates this
websites on a daily basis
 Non carding related forums
• Law Enforcement has shutdown or transformed more and more carding
forums into sting operations, carders are increasingly conduct their business
on non carding related forums. They typically choose such forums for
convenience, accessibility and the fact that they are infrequently
moderated, rather than for any other reason.
A screenshot of a website for a popular Russian
language dumps vendor
Non carding forum being used for carding related
transaction
 Notable carders
• Another forum of note was called Cardersmarket, which was launched in
2005 by “iceman” (a.k.a. Max Vision) after he hacked four rival forums
and merged the user accounts into his own site. These forums included
DarkMarket, talkCash, ScandanavianCarding, and the Vouched. These
forums all provided a means for users to buy, sell, and trade stolen
information, with a focus on credit cards. iceman was arrested for hacking-
related crimes targeted at U.S. government agencies in 1998, and in
exchange for a lighter sentence, he agreed to work as an informant.
Following his release, he worked in the San Francisco area as an
information security consultant, while maintaining Cardersmarket. The site
remained operational until 2007, when iceman was arrested for fraud-
related charges as a result of his continued involvement. During the
operation of Cardersmarket, it was alleged that iceman sold tens of
thousands of stolen credit card numbers through the forum. He also used as
many as five different nicknames on the forum, hoping to confuse law
enforcement by separating his administrator functions from his illegal
activities
A carding posted by “Digits” offering USA 100%
approved Dumps for sale
Average prices for various stolen financial information
available online