This is how the scam was tempered

[Carding Forum]

Over the past 10 years, experts from the F. A. C. C. T. Investigation Department have thoroughly researched the scam market. In a new blog, experts have described the evolution of online fraud — we suggest you read the first part: https://www.facct.ru/blog/online-scam-evolution/

What you will learn about

Criminal Drift: from Forums to Telegram channels

Once upon a time, shadowy Internet forums were centers of criminal activity. The damage caused by the activities of participants in such communities was small, but demand was growing, and by 2017-2018, the hierarchy of criminal sites was already clear and structured.

Manual for effective advertising

The scheme was called "advert" or "MA: FILES" (for working on Steam). The organizer provided everyone with links to phishing sites that mimic the pages of social networks or gaming platforms. The methods of distributing links and persuading the victim to enter their banking details were entirely delegated to the contractor, although simple manuals ("manuals") were provided to understand the mechanics of the work.

Premiere in "Antikino"

In 2018, the "Antikino" scheme (FakeDate) appeared, in which phishing links imitated private cinemas. Victims were searched on dating sites and social networks. The activity of the group organizers changed slightly: now it was necessary to quickly withdraw the stolen funds into cash or cryptocurrency.

The step of the "Mammoth"

In parallel with "Antikino", the "Mammoth" scheme ("Courier", Classiscam) appeared in Russia. It was in the "Mammoth" scheme that a qualitative leap forward took place: instead of a static phishing site template, scripts were used that created a page based on a specific marketplace ad. It was necessary to carefully extract and transfer the product photos, description and cost, and save the interface functionality. But the developers ' efforts have paid off many times over.

Read more in the blog at the link: https://www.facct.ru/blog/online-scam-evolution/

 

[Moshenik]

Informative

 

[Carding Forum]

The second part.

This time we will tell you how the scam industry developed in 2018-2020: from the automation of tools and the growth of the role of Telegram bots to the global expansion of the Mammoth scheme and the development of the scam subculture.

What you'll find out about

Development of tools. Everything necessary for the performer's work is concentrated in one messenger — Telegram. After creating an ad, the worker sent the bot a link — and immediately received a ready-made phishing page. If the scam took place, the bot sent a notification indicating the fraudster's share, which he could demand from the organizer.

Partner programs.
As the number of participants increased, some groups were reformatted into partner programs, where several teams operated under the leadership of one organizer.

"Mammoth" conquers the world. In 2020, scammers mastered almost all ad platforms in Russia, and therefore began to enter foreign markets, starting with the CIS. Despite the difficulties with cashing out funds, fraud in the EU countries turned out to be more profitable.

Scammer subculture.
Dozens of scam groups have formed their own media infrastructure, where services are advertised, workers are recruited, and conflicts are resolved. In separate groups, more profitable services are available for experienced workers, and newcomers are attracted through advertising in Telegram and TikTok.

Read the full version: https://www.facct.ru/blog/tak-zakalyalsya-skam-chast-2/

-----

Part three.

You'll find out:

Operation "Adaptation".
By 2022, the market began to respond to the growth of phishing pages and theft: ad platforms learned to identify and block scammers ' accounts, and bank anti-fraud systems also adapted. At the same time, the lifetime of phishing domains has been reduced. Many scammers have encountered difficulties. Large teams began to adapt to the new conditions.

Infrastructure evolution. Serious changes have taken place in the internal infrastructure of fraudsters. The functionality of phishing pages has become more complex, and management servers are accessed not directly, but through several "pads". Creating and maintaining such an infrastructure required serious developer competence and increased the cost of services — while at the same time making it possible to deceive victims more effectively.

"Merch", "cash out" and "profit".
Scammers did not have to invent anything new in the field of cashing out stolen funds. They started using "payment services", which provide ready-made pages for entering the victim's bank card data and withdrawing funds.

Marketing in service.
Scammers have started using classic marketing methods to attract victims to phishing pages, including through search results and social networks.

Marketplaces under the gun. The attackers started registering stores and placing products at attractive prices. They canceled orders under any pretext and redirected victims to phishing pages.

From "antikino" to "escort". In this scheme, scammers still looked for victims on dating sites under the guise of girls, but instead of simulating a romantic relationship and inviting them to a date, they directly stated that they work in the field of intimate services.

Read the full version of the third part here: https://www.facct.ru/blog/tak-zakalyalsya-skam-chast-3/