One Article Review

Source AlienVault Lab Blog
Identifier 8324617
Publication date 2023-04-04 10:00:00 (seen: 2023-04-04 10:06:51)
Title Chinese fraudsters: evading detection and monetizing stolen credit card information
Text The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Cyber attacks are common occurrences that often make headlines, but the leakage of personal information, particularly credit card data, can have severe consequences for individuals. It is essential to understand the techniques employed by cyber criminals to steal this sensitive information.

Credit card fraud in the United States has been on the rise, with total losses reaching approximately $12.16 billion in 2021, according to Insider Intelligence. Card-Not-Present (CNP) fraud constituted 72% of these losses, with a substantial portion attributed to Chinese fraudsters. This article discusses the tactics employed by Chinese cyber actors in committing CNP fraud and their value chain.

Chinese fraudsters primarily target the United States for two reasons: the large population makes phishing attacks more effective, and credit card limits in the country are higher compared to other nations. These factors make the US an attractive market for card fraudsters.

Common methods for acquiring card information include phishing, JavaScript injection through website tampering, and stealing data via Trojan horse infections. Phishing is the most prevalent method, and this analysis will focus on phishing tactics and the monetization value chain of stolen credit card information.

Chinese fraudsters have developed extensive ecosystems for their operations. In a card fraud community targeting Japan and the US, over 96,000 users have joined. For 3,000 Chinese yuan in Bitcoin, individuals can enroll in a bootcamp to learn phishing techniques through recorded videos and access resources for creating phishing sites and profiting from stolen credit cards. According to the community leader, more than 500 students enrolled in the first half of 2022 alone. This leader has made significant profits, receiving 56 BTC over the past three years.

Chinese fraudster ecosystem: actor's value chain

The value chain of Card-Not-Present fraud is shown in the following picture.

To carry out these activities, Chinese fraudsters establish a value chain for CNP fraud, starting with setting up a secure environment. They anonymize IDs, falsify IP addresses, change time zones and language settings, alter MAC addresses and device IDs, modify user agents, and clear cookies to evade detection by security researchers and bypass various security measures.

Fraudsters also use residential proxies, which are infected domestic devices, to access targeted websites indirectly and avoid tracking. These proxies can be purchased from online providers, with payments made via stolen credit cards or bitcoin. By selecting the desired IP address, users can access the target site with a fake IP address, making it difficult to trace their activities.

One residential proxy service popular among Chinese fraudsters is "911," which is built using software distributed under the guise of a free VPN service. Once installed, users are unknowingly transformed into valuable residential proxies for fraudsters without their consent. The service offers locations at city granularity to match the target user's geographic location.

Additionally, fraudsters can select ISP and device fingerprints, such as browser version, operating system, and screen size. This information is usually acquired through phishing, and fraudsters select the ones used by the victims t
Sent Yes
Tags Spam
Stories
Rating ★★
Move


The article does not appear to have been picked up after its publication.


The article does not appear to be a repost of an earlier one.