Online courses train the next generation of credit card criminals
E-learning courses costing under $1,000 are giving aspiring cyber criminals the potential to make $12k a month, based on a standard 40-hour working week according to new research.
The study from digital risk management company Digital Shadows finds the courses, available to Russian speakers only, last for six weeks and comprise 20 lectures with five expert instructors. The course includes webinars, detailed notes and course material at a cost of RUB 45,000 ($745), plus $200 for course fees.
With the average Russian earning under $700 a month, it's easy to see why the potential to earn 17 times as much might be attractive.
Social engineering is given a heavy emphasis in the courses. Advice is given on how to manipulate people using knowledge of their local area in order to build rapport with the target and trick them into exposing information (such as PIN numbers), usually over the phone. As one instructor puts it, "...that's why I always advise to watch the news because with such incidents, it is possible to play beautifully."
The market for stolen credit card details is of course very lucrative, in just two of the most popular 'carding' forums 1.2 million card holder details are on sale for an average of $6 each. The least expensive cards are those needing further authentication to exploit. The main obstacle to this is the PIN of the cardholder, which can be tricky and time-consuming to discover.
"The card companies have developed sophisticated anti-fraud measures and high-quality training like this can be seen as a reaction to this," says Rick Holland, VP strategy at Digital Shadows. "Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers. However, the benefit is that the criminals are increasingly exposing their methods, which means that credit card companies, merchants and customers can learn from them and adjust their defenses accordingly."
The study also finds that card criminals fall into four categories. Harvesters who do the dirty work of harvesting the payment card information. Distributors who will package, repackage, and sell on the card information. Fraudsters, who run the most risk of getting caught, will use stolen card details to make purchases or try to get cash. Finally monetizers include those who have been duped into operating drop addresses and those involved in the reselling of fraudulently acquired goods.
You can find out more about the world of card fraud on the Digital Shadows blog.