Cybercrime Inside the Next-Level Fraud Ring Scamming Billions Off Holiday Retailers


Thread author
Staff Member
Malware Hunter
Jul 27, 2015
Quote: "Fraud rings don't have to fuss with all the mundane details of running a business - the scam is the business.

It's that tidy business model that has enabled a new e-commerce threat group to leave its mark in November with what one researcher calls the largest attack of its kind in the past 20 years. And they're just getting started.

The particularly prolific Southeast Asian-based e-commerce threat group has been able to build up a sophisticated operation stacked with data science, fraud detection, online payments, and e-commerce expertise that so far has enabled them to rip off an estimated $660 million in stolen laptops, cell phones, computer chips, gaming devices, and more in November, according to a new report from Signifyd researchers. The threat actors use stolen credentials and account takeover to place orders from unsuspecting consumers' accounts, often using stored payment methods. Then, they re-ship them to Asia for repackaging and resale at a premium. According to a tandem report earlier this month on the ring, the group uses mules to do the dirty work of reshipment, often under duress. "Additionally, if the MSHT (Modern Slavery & Human Trafficking) connections that have appeared can be confirmed, this fraud ring also manipulates people to coerce them to become part of the attack," according to that analysis, from Chargelytics Consulting.

In all, the group targeted a massive $3.3 billion worth of e-commerce merchandise during November, the busiest shopping month of the year, according to Signifyd's team, which has been following the group's illicit activities for more than a year.

"What was unique about this fraud ring was that they revved up really quickly. They're fast and strong," said Ping Li, Signifyd vice president of risk and chargeback operations at Signifyd, in its report this week. "They probably had been preparing for it for a long time, and then they launched a war just before our holiday season." Li, who has studied how to stop e-commerce fraud for two decades, ranks this attack as the most dangerous she's ever seen, because of its ability to attempt large numbers of fraudulent transactions per minute, which in one case Signifyd analysts observed kept up for a full day. "Normally, when we see an attack on one merchant, the attack has its own characteristics. And then you see a very different kind of attack on another merchant," Li said. "But this one is just universal. It's everywhere. This is the first time I have seen an attack of this size and scale in our network."

The scammers are also apparently not concerned about being caught. "They kind of leave their signature," Li said. "They are not really trying to hide. It's like, 'Catch me if you can.'"

Besides the operation being stacked with technology know-how, Michael Pezely, Signifyd's director of risk intelligence, tells Dark Reading that the e-commerce threat group has sheer speed and volume of scam transactions on its side. "E-commerce orders — particularly at the enterprise level — arrive at dizzying speed," Pezely says. "Signifyd, for instance, processed as much as $42 million an hour in orders during Cyber Week. It would be virtually impossible for a human team to review that volume of orders for signs of fraud."

Pezely added that merchants are on the lookout for goods being shipped to a foreign country, but this group of scammers places orders that appear to originate from the US and ship to US addresses.

"Furthermore, if a merchant is relying on only its own transaction data, there likely will be a lag between the time a fraud attack begins and when it is recognized," Pezely explains. "Without having the benefit of seeing millions of transactions across thousands of merchants, a novel fraud attack might not be in plain sight for some time." "

Full source:
