{"id":24807,"date":"2024-07-03T07:30:29","date_gmt":"2024-07-03T15:30:29","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/07\/03\/news-18537\/"},"modified":"2024-07-03T07:30:29","modified_gmt":"2024-07-03T15:30:29","slug":"news-18537","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/07\/03\/news-18537\/","title":{"rendered":"Inside the workings of fraud-as-a-service | Kaspersky official blog"},"content":{"rendered":"<p><strong>Credit to Author: Kaspersky Team| Date: Wed, 03 Jul 2024 15:11:42 +0000<\/strong><\/p>\n<p>A scammer these days doesn&#8217;t need to know how to write malware or think up sophisticated digital fraud schemes. Today&#8217;s scams come prepackaged in the form of fraud-as-a-service (FaaS). The average scammer only needs to search for victims and then drain their wallets\u00a0\u2014 the operator takes care of the rest.<\/p>\n<p>Today, we look at a group that specializes in <a href=\"https:\/\/www.kaspersky.com\/blog\/message-board-scam\/51379\/\" target=\"_blank\" rel=\"noopener\">classifieds-website scams<\/a> to explain what turnkey phishing is, and how best to <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\">defend<\/a> against it.<\/p>\n<h2>Who provides the service?<\/h2>\n<p>A gang&#8217;s key person is the founder, or <strong>topic starter<\/strong>. This guy manages everyone else:<\/p>\n<ul>\n<li><strong>Coders<\/strong>, who are responsible for Telegram channels, chats and bots<\/li>\n<li><strong>Refunders<\/strong>, or fake support agents<\/li>\n<li><strong>Carders<\/strong>, who withdraw money from the victim&#8217;s bank account<\/li>\n<li><strong>Workers<\/strong>, who find ads, respond, and persuade victims to open a phishing link<\/li>\n<\/ul>\n<p>That&#8217;s what the core lineup of almost any gang looks like. Especially sophisticated outfits also include <strong>marketers<\/strong>, <strong>motivators<\/strong> and <strong>mentors<\/strong>. These run promotional campaigns for the project, and provide moral support to, and training for, workers<\/p>\n<p>The members of a scam gang chiefly communicate via private groups and chats in Telegram. The channel we investigated had around 15,000 members, with just five of them being mentors. Virtually everyone else was a worker \u2014 a pawn in this scheme. Read the <a href=\"https:\/\/securelist.com\/message-board-scam\/112691\/\" target=\"_blank\" rel=\"noopener\">investigative story on Securelist<\/a> to find out more about other roles the members of a scam gang have.<\/p>\n<h2>The Telegram bot as the workers&#8217; main weapon<\/h2>\n<p>Bots help gangs automate most of the scamming process. For example, scammers can use these to create unique, personalized phishing ads. A Telegram bot we discovered churns out as many as 48 ads at a time, in four languages, for six classifieds websites and in two versions: seller scam (2.0) and buyer scam (1.0).<\/p>\n<div id=\"attachment_51621\" style=\"width: 1642px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110754\/turnkey-phishing-01.jpg\"><img fetchpriority=\"high\" decoding=\"async\" aria-describedby=\"caption-attachment-51621\" class=\"size-full wp-image-51621\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110754\/turnkey-phishing-01.jpg\" alt=\"A bot creates links for two types of scam at a time: seller scam (2.0) and buyer scam (1.0)\" width=\"1632\" height=\"1280\" \/><\/a><\/p>\n<p id=\"caption-attachment-51621\" class=\"wp-caption-text\">A bot creates links for two types of scam at a time: seller scam (2.0) and buyer scam (1.0)<\/p>\n<\/div>\n<p>Next, a worker uses the Telegram bot to automatically send the links to the victim&#8217;s email, instant messaging account or SMS inbox. As soon as a phishing link is opened, the bot displays a message that says &#8220;Mammoth online&#8221;. This tells the worker that the scam has all but succeeded: the victim has no <a href=\"https:\/\/www.kaspersky.com\/premium?icid=gl_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\">protection<\/a>, so the gang is about to pocket their money.<\/p>\n<div id=\"attachment_51620\" style=\"width: 741px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110706\/turnkey-phishing-02.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-51620\" class=\"size-full wp-image-51620\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110706\/turnkey-phishing-02.png\" alt=\"The bot tells the worker everything the victim does \u2014 in detail\" width=\"731\" height=\"712\" \/><\/a><\/p>\n<p id=\"caption-attachment-51620\" class=\"wp-caption-text\">The bot tells the worker everything the victim does \u2014 in detail<\/p>\n<\/div>\n<p>Instant notifications about anything that happens is one of Telegram bots&#8217; killer features. Thus, if the victim takes the bait, paying for the &#8220;goods&#8221; or &#8220;delivery&#8221;, the worker learns immediately. The bot computes the worker&#8217;s share of the booty and shares the name of the carder who&#8217;ll withdraw the funds.<\/p>\n<div id=\"attachment_51619\" style=\"width: 502px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110612\/turnkey-phishing-03.png\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-51619\" class=\"size-full wp-image-51619\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110612\/turnkey-phishing-03.png\" alt=\"&quot;Another one duped!&quot; \u2014 the new workers' anthem\" width=\"492\" height=\"850\" \/><\/a><\/p>\n<p id=\"caption-attachment-51619\" class=\"wp-caption-text\">&#8220;Another one duped!&#8221; \u2014 the new workers&#8217; anthem<\/p>\n<\/div>\n<p>This is the extent of what the worker needs to do, as the money will be credited to their account automatically\u00a0\u2014 unless they&#8217;re scammed by their own gangmates, which isn&#8217;t unheard of.<\/p>\n<h2>How much scam gangs make<\/h2>\n<p>The workers are the gang&#8217;s cash cows: they pay commissions to the mastermind, mentor, carder and refunder. This project is no doubt a moneymaker: the gang earned more than two\u00a0million\u00a0US\u00a0dollars between August 2023 and June 2024. That&#8217;s what the scammers say anyway, but they can declare whatever figures they want, no matter how inflated, in their internal chat to motivate the workers.<\/p>\n<div id=\"attachment_51618\" style=\"width: 778px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110539\/turnkey-phishing-04.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-51618\" class=\"size-full wp-image-51618\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110539\/turnkey-phishing-04.jpg\" alt=\"A bad day for the scammers \u2014 but a happy one for the whole humanity\" width=\"768\" height=\"316\" \/><\/a><\/p>\n<p id=\"caption-attachment-51618\" class=\"wp-caption-text\">A bad day for the scammers \u2014 but a happy one for the whole humanity<\/p>\n<\/div>\n<p>The scam factory&#8217;s profits are restricted by banks&#8217; transaction limits. The gang we&#8217;re looking at operates out of Switzerland, and local banking rules prevent it from stealing more than 15,000\u00a0Swiss\u00a0francs (approximately 16,700\u00a0US\u00a0dollars) at a time. The workers have a minimum withdrawal amount: they won&#8217;t bother with cards if there are less than 300\u00a0Swiss\u00a0francs (333\u00a0US\u00a0dollars) in the associated account; otherwise the costs would exceed the earnings.<\/p>\n<h2>Avoiding the trap<\/h2>\n<p>Being attacked by turnkey phishing (as opposed to &#8220;regular&#8221; phishing) makes no difference to the target: the scammers are still scammers, trying all kinds of ways to swindle victims out of their money. But, since FaaS makes the scammers&#8217; work so much easier, this kind of scam is on the rise. Accordingly, the protection tips remain the same as for other types of phishing:<\/p>\n<ul>\n<li>Use <a href=\"https:\/\/www.kaspersky.com\/home-security?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2c_blo_lnk_sm-team______\" target=\"_blank\">reliable security<\/a>\u00a0to keep you from following phishing links.<\/li>\n<li>Take a look at our <a href=\"https:\/\/www.kaspersky.com\/blog\/message-board-scam\/51379\/\" target=\"_blank\" rel=\"noopener\">safe online selling rules<\/a>.<\/li>\n<li>Restrict your chats with sellers and buyers to the classifieds sites; to prevent workers from seeing your personal details, don&#8217;t switch to instant messaging apps.<\/li>\n<li>Pay for your online purchases only with virtual cards that have transaction limits, and don&#8217;t store significant amounts in the accounts linked to those.<\/li>\n<li>Read about how <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/fraud\/\" target=\"_blank\" rel=\"noopener\">other scams<\/a> work to stay on top of trends.<\/li>\n<\/ul>\n<p> <input type=\"hidden\" class=\"category_for_banner\" value=\"premium-generic\" \/> <br \/><a href=\"https:\/\/www.kaspersky.com\/blog\/turnkey-phishing\/51614\/\" target=\"bwo\" >https:\/\/blog.kaspersky.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2024\/07\/03110401\/turnkey-phishing-featured.jpg\"\/><\/p>\n<p><strong>Credit to Author: Kaspersky Team| Date: Wed, 03 Jul 2024 15:11:42 +0000<\/strong><\/p>\n<p>Scammers are forming large gangs to provide fraud-as-a-service.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10425,10378],"tags":[9751,3924,3985,714,10438],"class_list":["post-24807","post","type-post","status-publish","format-standard","hentry","category-kaspersky","category-security","tag-fraud","tag-phishing","tag-scam","tag-security","tag-threats"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24807"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24807\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}