Versatility is an attribute that many value — that kind of all-around utility player who can substitute for a key player or employee in a pinch.
That’s also the skill set of the “Arch Fraudster,” which makes them efficient as a fraudster and a dangerous nemesis to the online retailer.
In the most recent installment of the Meet The Fraudsters series, Gilit Saporta, senior fraud analyst at Forter, sheds light on this somewhat mysterious but dangerous fraudster profile. When the most sophisticated and advanced — both technologically and analytically — cyberattacks take place, Saporta said Arch Fraudsters are typically the culprits.
“These are the guys who are not necessarily limited to just stolen credit cards or spoofed accounts. They can be very versatile. We can see them using their tech expertise for eCommerce fraud one day and then malware attacks on banks the next,” she explained.
Their versatility is rooted in the Arch Fraudster’s ability to be both tech-savvy and business-savvy, a great combination in an employee but a treacherous combination in a fraudster.
The Bigger, Badder Fraudster
Arch Fraudsters have the savviness to move around segments and use different techniques to create problems for all types of online merchants. That, Saporta explained, makes them capable of carrying out a small number of thoroughly planned transactions to buy high-end items one day and then launch thousands of transactions to steal digital goods the next day. Their patience and tech expertise that gives them the ability to move from fraud tactic to fraud tactic also makes them hard to detect — and catch.
But how do these types of fraudsters acquire their skills?
Much like other fraudsters, it’s hard to nail down a single answer for how Arch Fraudsters are able to jump to the head of the cybercriminal ranks.
In many cases, Arch Frausters are just truly more creative and innovative than your average fraudster, Saporta noted.
While some share their insights and expertise on dark net forums, others will deliberately distribute false data to either troll less sophisticated fraudsters or create noise to distract from what they are really up to.
Staying Ahead Of The Fraudster Curve
Arch Fraudsters tend to have various motivating factors — obviously, making money, but they also like to prove how far advanced they are compared to the other run-of-the-mill fraudsters. That gives them the incentive to invest the time and money necessary to set up impressive operations and ensure they don’t get caught.
According to Saporta, this can mean purchasing brand new devices and machines for every attack and paying for VPN services to stay hidden behind extra layers of anonymity. Arch Fraudsters are also known for setting up very convincing spoof websites that look almost exactly like established merchants.
It’s no wonder fighting these fraudsters is no easy task.
“I’m always the advocate for automation, but this is an area where I think merchants need a combination of strong automated systems and strong research teams,” Saporta explained, “because if you reach that level of sophistication as a fraudster, then you’re not going to give up.”
In some cases, these cybercriminals will even throw out bait to lure in unsuspecting merchants that may be trying to hunt them down. In turn, these merchants only open themselves up to more vulnerabilities.
Saporta issued a stern warning against merchants trying to independently investigate Arch Fraudsters and looking into dark net forums, even if they get a lead, because it could just be a phishing trap.
“If a merchant feels that they are encountering this level of fraud, then trying to handle it on their own will be very difficult. It’s only with the aid of professional anti-fraud services that it is truly realistic to tackle it.”