Russians can take credit card fraud masterclasses for £575

Criminals stand to earn £9,200 per month after completing a 20-week course

Fraud

Security researchers have uncovered an online criminal ring providing courses on credit card fraud, in which lectures and webinars offer the chance for would-be fraudsters to earn up to 9,200 per month.

In the same way that you might sign up for a course to learn a new language, criminals are now flocking to these six-week online courses, comprising 20 lectures from five fraud experts, as well as course material and detailed notes, according to new research from digital risk management firm, Digital Shadows. At the end, a novice hacker could be turned into a specialist fraudster.

Aimed at Russian speakers only, for the price of RUB 45,000, or 575, they can learn all the tools needed to commit credit card fraud, earning up to 17 times the average 'legitimate' wage in Russia.

These 'schools', as they are referred to on a number of Russian hacking forums, are taking advantage of a recent trend in credit card use, with many customers ditching physical payments in favour of online transactions. In many cases, no experience is needed to sign up, with some only needing "some social engineering skills".

Course material includes advice on how to manipulate targets through knowledge of their local areas in order to build a rapport and trick them into exposing authentication data. This is typically the favoured attack vector as card PINs often represent the toughest barrier to fraud. As one instructor put it, "that's why I always advise to watch the news because with such [data breach] incidents, it is possible to play beautifully."

In just two of the most popular 'trading' forums, over 1.2 million card holder details are currently on sale for as little as 9.20 each, the majority of which are Visa cards from the US and India, according to the report.

"While tutorials and guides have existed for many years, the online course was on a scale and level of professionalism we have not seen before," the report stated. There also appears to be a strict criminal code, which prohibits the sale of Russian card details.

"This ecosystem is highly complex and international," said Rick Holland, VP of strategy at Digital Shadows. "At each stage, it creates victims from the card industry that loses $24 billion a year to consumers who are frequently duped into revealing their card details.

"The card companies have developed sophisticated anti-fraud measures, and high-quality training like this can be seen as a reaction to this," added Holland. "Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers."

Digital Shadows' latest report provides advice for consumers and vendors to help limit the damage these sophisticated schools can cause, such as being vigilant for unusual activity and opting to only use stores and sites that offer 3D secure anti-fraud for purchases.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Lumen's digital portal simplifies the ordering of IT solutions
Business strategy

Lumen's digital portal simplifies the ordering of IT solutions

20 Oct 2020
US charges six Russians behind NotPetya and Olympics hacks
Security

US charges six Russians behind NotPetya and Olympics hacks

20 Oct 2020
Microsoft becomes the most-spoofed brand for phishing attacks
Security

Microsoft becomes the most-spoofed brand for phishing attacks

20 Oct 2020
Managing employee security risks during lockdown
Security

Managing employee security risks during lockdown

20 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
Google blocked record-breaking 2.5Tbps DDoS attack in 2017
Security

Google blocked record-breaking 2.5Tbps DDoS attack in 2017

19 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020