Russians can take credit card fraud masterclasses for £575

Criminals stand to earn £9,200 per month after completing a 20-week course

Fraud

Security researchers have uncovered an online criminal ring providing courses on credit card fraud, in which lectures and webinars offer the chance for would-be fraudsters to earn up to 9,200 per month.

In the same way that you might sign up for a course to learn a new language, criminals are now flocking to these six-week online courses, comprising 20 lectures from five fraud experts, as well as course material and detailed notes, according to new research from digital risk management firm, Digital Shadows. At the end, a novice hacker could be turned into a specialist fraudster.

Advertisement - Article continues below

Aimed at Russian speakers only, for the price of RUB 45,000, or 575, they can learn all the tools needed to commit credit card fraud, earning up to 17 times the average 'legitimate' wage in Russia.

These 'schools', as they are referred to on a number of Russian hacking forums, are taking advantage of a recent trend in credit card use, with many customers ditching physical payments in favour of online transactions. In many cases, no experience is needed to sign up, with some only needing "some social engineering skills".

Course material includes advice on how to manipulate targets through knowledge of their local areas in order to build a rapport and trick them into exposing authentication data. This is typically the favoured attack vector as card PINs often represent the toughest barrier to fraud. As one instructor put it, "that's why I always advise to watch the news because with such [data breach] incidents, it is possible to play beautifully."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

In just two of the most popular 'trading' forums, over 1.2 million card holder details are currently on sale for as little as 9.20 each, the majority of which are Visa cards from the US and India, according to the report.

"While tutorials and guides have existed for many years, the online course was on a scale and level of professionalism we have not seen before," the report stated. There also appears to be a strict criminal code, which prohibits the sale of Russian card details.

"This ecosystem is highly complex and international," said Rick Holland, VP of strategy at Digital Shadows. "At each stage, it creates victims from the card industry that loses $24 billion a year to consumers who are frequently duped into revealing their card details.

"The card companies have developed sophisticated anti-fraud measures, and high-quality training like this can be seen as a reaction to this," added Holland. "Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers."

Digital Shadows' latest report provides advice for consumers and vendors to help limit the damage these sophisticated schools can cause, such as being vigilant for unusual activity and opting to only use stores and sites that offer 3D secure anti-fraud for purchases.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/software/video-conferencing/355410/zoom-50-adds-256-bit-encryption-and-ui-refresh
video conferencing

Zoom 5.0 adds 256-bit encryption to address security concerns

23 Apr 2020
Visit/security/hacking/355382/whatsapps-flaw-shoulder-surfing
hacking

WhatsApp flaw leaves users open to 'shoulder surfing' attacks

21 Apr 2020
Visit/security/cyber-security/355368/microsoft-builds-ai-to-detect-security-flaws-with-99-accuracy
cyber security

Microsoft AI can detect security flaws with 99% accuracy

20 Apr 2020
Visit/security/vulnerability/355276/businesses-brace-for-second-fujiwhara-effect-of-2020-as-patch-tuesday
vulnerability

Businesses brace for second 'Fujiwhara effect' of 2020 as Patch Tuesday looms

9 Apr 2020

Most Popular

Visit/mobile/5g/355712/nokia-5g-speed-record
5G

Nokia breaks 5G record with speeds nearing 5Gbps

20 May 2020
Visit/cloud/cloud-computing/355742/microsoft-launches-public-cloud-service-for-health-care
cloud computing

Microsoft launches public cloud service for health care

21 May 2020
Visit/software/video-conferencing/355596/house-of-commons-to-ditch-zoom
video conferencing

House of Commons to ditch Zoom in favour of British alternative

11 May 2020