Russians can take credit card fraud masterclasses for £575

Criminals stand to earn £9,200 per month after completing a 20-week course

Fraud

Security researchers have uncovered an online criminal ring providing courses on credit card fraud, in which lectures and webinars offer the chance for would-be fraudsters to earn up to 9,200 per month.

In the same way that you might sign up for a course to learn a new language, criminals are now flocking to these six-week online courses, comprising 20 lectures from five fraud experts, as well as course material and detailed notes, according to new research from digital risk management firm, Digital Shadows. At the end, a novice hacker could be turned into a specialist fraudster.

Aimed at Russian speakers only, for the price of RUB 45,000, or 575, they can learn all the tools needed to commit credit card fraud, earning up to 17 times the average 'legitimate' wage in Russia.

These 'schools', as they are referred to on a number of Russian hacking forums, are taking advantage of a recent trend in credit card use, with many customers ditching physical payments in favour of online transactions. In many cases, no experience is needed to sign up, with some only needing "some social engineering skills".

Course material includes advice on how to manipulate targets through knowledge of their local areas in order to build a rapport and trick them into exposing authentication data. This is typically the favoured attack vector as card PINs often represent the toughest barrier to fraud. As one instructor put it, "that's why I always advise to watch the news because with such [data breach] incidents, it is possible to play beautifully."

In just two of the most popular 'trading' forums, over 1.2 million card holder details are currently on sale for as little as 9.20 each, the majority of which are Visa cards from the US and India, according to the report.

"While tutorials and guides have existed for many years, the online course was on a scale and level of professionalism we have not seen before," the report stated. There also appears to be a strict criminal code, which prohibits the sale of Russian card details.

"This ecosystem is highly complex and international," said Rick Holland, VP of strategy at Digital Shadows. "At each stage, it creates victims from the card industry that loses $24 billion a year to consumers who are frequently duped into revealing their card details.

"The card companies have developed sophisticated anti-fraud measures, and high-quality training like this can be seen as a reaction to this," added Holland. "Unfortunately, it's a sign that criminals continually seek to lower barriers to entry, which then put more criminals into the ecosystem and cost card brands, retailers and consumers."

Digital Shadows' latest report provides advice for consumers and vendors to help limit the damage these sophisticated schools can cause, such as being vigilant for unusual activity and opting to only use stores and sites that offer 3D secure anti-fraud for purchases.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021