Russians can take credit card fraud masterclasses for £575

Criminals stand to earn £9,200 per month after completing a 20-week course

Fraud

Security researchers have uncovered an online criminal ring providing courses on credit card fraud, in which lectures and webinars offer the chance for would-be fraudsters to earn up to 9,200 per month.

In the same way that you might sign up for a course to learn a new language, criminals are now flocking to these six-week online courses, comprising 20 lectures from five fraud experts, as well as course material and detailed notes, according to new research from digital risk management firm, Digital Shadows. At the end, a novice hacker could be turned into a specialist fraudster.

Aimed at Russian speakers only, for the price of RUB 45,000, or 575, they can learn all the tools needed to commit credit card fraud, earning up to 17 times the average 'legitimate' wage in Russia.

These 'schools', as they are referred to on a number of Russian hacking forums, are taking advantage of a recent trend in credit card use, with many customers ditching physical payments in favour of online transactions. In many cases, no experience is needed to sign up, with some only needing "some social engineering skills".

Course material includes advice on how to manipulate targets through knowledge of their local areas in order to build a rapport and trick them into exposing authentication data. This is typically the favoured attack vector as card PINs often represent the toughest barrier to fraud. As one instructor put it, "that's why I always advise to watch the news because with such [data breach] incidents, it is possible to play beautifully."

In just two of the most popular 'trading' forums, over 1.2 million card holder details are currently on sale for as little as 9.20 each, the majority of which are Visa cards from the US and India, according to the report.

"While tutorials and guides have existed for many years, the online course was on a scale and level of professionalism we have not seen before," the report stated. There also appears to be a strict criminal code, which prohibits the sale of Russian card details.

"This ecosystem is highly complex and international," said Rick Holland, VP of strategy at Digital Shadows. "At each stage, it creates victims from the card industry that loses $24 billion a year to consumers who are frequently duped into revealing their card details.

"The card companies have developed sophisticated anti-fraud measures, and high-quality training like this can be seen as a reaction to this," added Holland. "Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers."

Digital Shadows' latest report provides advice for consumers and vendors to help limit the damage these sophisticated schools can cause, such as being vigilant for unusual activity and opting to only use stores and sites that offer 3D secure anti-fraud for purchases.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Putin open to handing cyber criminals over to US
hacking

Putin open to handing cyber criminals over to US

14 Jun 2021
Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌
Google Docs

Futurex‌ ‌and Google enable‌ ‌client-side‌ ‌Google‌ ‌Workspace encryption‌

14 Jun 2021
The complete guide to building a security awareness programme that works
Whitepaper

The complete guide to building a security awareness programme that works

14 Jun 2021
2021 state of the phish
Whitepaper

2021 state of the phish

14 Jun 2021

Most Popular

Ten-year-old iOS 4 recreated as an iPhone app
iOS

Ten-year-old iOS 4 recreated as an iPhone app

10 Jun 2021
Fastly blames software bug for major outage
public cloud

Fastly blames software bug for major outage

9 Jun 2021
GitHub to prohibit code that’s used in active attacks
cyber security

GitHub to prohibit code that’s used in active attacks

7 Jun 2021