IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

RSA Europe: The career paths of a successful online fraudster

Bored of traditional information technology? Maybe it’s time to join the dark side – become an online fraudster…

At RSA Europe it was revealed how easy it was to make a career out of online fraud, with Fraud as a Service' making it possible for even the most technologically inept.

Head of new technology for RSA Europe Uri Rivner revealed some of the ways that computer users started on a career in online fraud.

Potential criminals first had to choose what type of online fraudster that they wanted to be - a harvesting fraudster' whose job was to collect credentials such as credit card data and directly worked with victims, or a cash-out' fraudster, who made money out of the data.

Rivner said that the career paths had to be separate because cash-out fraudsters needed an operation to monetise the data for the black market. With online baking fraud, they would also need to have created bank accounts for which to transfer the victim's money to.

He said: "You need to recruit some collaborators who will have a bank account, collect the funds and send it down the supply chain."

He also revealed how easy it was to buy trojan toolkits and use them, picking out the example of the easy to use Limbo' Trojan, which he said was possible to buy for $350 and was aimed at beginners.

He showed how he used Limbo to collect details from a dummy internet banking website simply by clicking running the program which changed the login page by adding two new fields to plug in ATM numbers and PIN.

He said: From a consumer's viewpoint, you look at the URL which is one from the bank. You check the session certificate which matches as well the actual SSL. Limbo is overriding the session and superimposing itself on the HTML."

"The average user getting this will not have any telling signs that anything is wrong," he added.

He said it wasn't even necessary for fraudsters to update the trojan, because by signing up for Fraud as a Service' it could update the trojan technology for you. He said you can buy for $299 a state of the art latest version of the trojan, already installed in bulletproof hosting, that would be live for years.

Rivner said: "It is already updated automatically with all of the latest anti anti-virus patches. It has a command a control centre. It is also already hooked into an infection service.

"This means that as soon as you subscribe to the service, you can sit back, relax and start seeing computers being infected and credentials that are being collected."

For more coverage and photos from the RSA show, click here.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022