Anatomy of a Fraud Attack

Autor
Salvador Del Valle
February 16, 2024
Category 2
Puedes compartir
Tabla de contenido
This is some text inside of a div block.

In the gripping movie "The Imitation Game," a biopic of the renowned mathematician Alan Turing, there's a compelling scene where an MI6 officer highlights the urgency of breaking the Enigma code to have a chance in WWII. This scene resonates deeply with our current battle against identity fraud.

Like the intricate Enigma, the identity fraud market is a complex web of bad actors, each specializing in different stages of the attack – from account creation to executing the fraud. Imagine a coordinated workflow of these actors creating widespread havoc.

Scope of Work:

In Q4 2023, our Market Intel team embarked on a mission to uncover the mechanisms behind the transfer of fake accounts among fraudsters.

Key Findings:

1> Communication Channels

The dialogue between Buyers and Sellers is surprisingly straightforward. Platforms like WhatsApp, Telegram, Facebook, and Reddit serve as the conduits, with some groups having 1000s of followers ready to respond in less than 2 minutes.

2> Exploiting Vulnerabilities

Sellers thrive by meticulously understanding and exploiting the weaknesses in standard KYC and fraud prevention measures (e.g. completing the first payment on a loan or transacting more than $500 per day). This knowledge is then passed on to Buyers, enabling them to bypass safeguards meant to protect businesses.

3> Market Trust

Even in the shadowy world of fraud, trust is paramount. Sellers often offer warranties on the accounts they sell, akin to a 'money-back guarantee,' showcasing the unexpected level of sophistication in this illicit marketplace. In fact, using AI tools for Sentiment Analysis showed that 1 in 4 posts include mention of such warranties

Main Takeaway:

The current reliance on standard KYC and fraud prevention checks, which often focus on silver bullets (e.g., ID and liveness test, only) and isolated data points (e.g. phone  = ok, email = ok), is inadvertently fueling the buying and selling of fake accounts. A more comprehensive approach to tackling identity risk is needed across the globe, and LatAm is no different.

Disclaimer:

All research and activities conducted by our Market Intel team were purely for R&D purposes. No transfers of fake accounts were executed within the defined scope.