Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    November 2014
    S M T W T F S
    « Oct    
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    30  
  • About Us
    TrendLabs Security Intelligence Blog(breadcrumbs are unavailable)

    Author Archive - Kyle Wilhoit



    Feb26
    1:57 pm (UTC-7)   |    by

    Just like other businessmen, scammers operate using certain business models. In my previous post, I wrote about the typical scammer, their trust model, and the strategies they use to get, hold, and sustain customers. In this post, we’ll look at their business model, and how users can avoid their schemes.

    Scammers Business Model

    While scammers typically don’t use a formalized business model, we can easily determine how these guys operate. This model is similar to traditional business models in that it focuses on gaining and keeping customers and sending referrals. Though this model may not be true to all operations/operators of scams, this template is based on the common behavior exhibited by these operators.

    In this business model sample, scammers first scout for customers. Once they are able to ascertain these customers, they develop loyalty programs to keep them around, which include selling items in bulk. They also attempt to grow their customer base either through referrals or by verifying their fellow scammers (“back scratching”).

    business-model-scammers

    Figure 1. Sample scammer business model

    We have seen this type of business model used several times in scams and continue to see its prevalence in 2013. In the 2013 security predictions, we stated that these sellers will become more motivated as 2013 progresses, and this is just further proof that we will continue to see this type of business development these coming years.

    Read the rest of this entry »

     
    Posted in Bad Sites | Comments Off


    Feb19
    12:00 am (UTC-7)   |    by

    In my last blog post, I covered several topics around how cybercriminals use your stolen information and why these criminals want your information. That entry, along with this entry, is part of a blog series intended to cover the expanding economies in relation to cybercrime, as well as some facts and recommendations to help safeguard your data against information theft.

    In the first part of the two-part intelligence brief series, I will tackle the existing “trust model” in the underground cybercrime arena and some profiling of the gateways/actors that sell these goods.

    Information Theft Business Model

    It’s no secret that scammers are out there to make a quick buck. However, what’s often not known or discussed is how they engage the market to sell their goods.

    These scammers must first engage the market with their goods. They often reach out to Pastebin, underground forums, and several other sites designed to peddle their wares. Furthermore, they also use a popular tactic of posting their “ads” on legitimate forums and sites. This step can be considered the aspect of “gaining your customers”. The next step is establishing a pricing model to fit the marketplace.

    Price Discrimination vs. Penetration Pricing

    During the past five years, there have been a number of incidents outlining price discrimination on underground forums. Price discrimination exists when a provider sells identical goods or services at different prices for several reasons. There are realistically four degrees of price discrimination, all with varying discriminatory fashions.

    However, in the past two years, there has been a shift away from price discrimination and to a more penetration pricing model. Penetration pricing is a tactic used by a seller to attract new buyers in multiple different ways.

    In the penetration pricing model, scammers enter the market and sell their wares at a much lower price to gain market space, and then slowly increase their price until it meets market value with the other sellers. Many of the vendors participating in selling stolen goods enjoy a good market for selling these goods after using this model. Utilizing this will often lead to increased sales volume and higher inventory turnover.

    This penetration pricing upswing has likely occurred as there were many new entrants into the underground marketplace selling goods. These new entrants weren’t following maximum price rules or by unique buyer attributes.

    These scammers are also enjoying a fairly uninhibited marketplace since the ease of hiding their nefarious activities has dramatically improved. For those familiar, see onion routing, and that will easily explain one of the many ways these actors hide their tracks.

    Read the rest of this entry »

     


    Jan16
    10:20 pm (UTC-7)   |    by

    In passing, I recalled talking to my neighbor where I mentioned working in the area of information security. His next question quickly came out- “Why do these scammers want my information?” The more I’m asked this question, the more apparent it becomes that user information is highly valuable.

    Would it be surprising to know that it would merely cost $5 (USD) to buy all of your personal information on underground forums and sites? Some of you may also be surprised to find out the information for sale isn’t just your name and address-it’s far more than that.

    “Fullz”, as it is referred to in underground forums contain not just credit card numbers, names, and date of births. “Fullz” are typically delivered in one of several methods. First, it could be a text or .CSV file containing all of the information in a comma separated file. All of the details of the compromised individuals would be included in the file for easy perusal. In addition, “fullz” could be delivered via a portable database format, like a .MDF file for easy local database import. You can also find personal questions asked during account registrations as well as driver’s license information, social security number, and other information.

    figure1_WH_edited

    Just because these scammers are nefarious, it doesn’t mean they’re not entrepreneurial. For instance, one seller offers bulk discounts for orders as seen in figure 2.

    figure2_WH

    These scammers also offer the sale of “dumps”, which is the raw data off the magstrip of your credit cards. In addition to dumps, they sell “plastics”, which are blank cards that are used for writing dumps too.

    And finally, to make scamming even easier, attackers are selling direct logins for bank accounts as well as the transportation of high-end electronics. Bank accounts are being sold for direct access to the money- no more buying dumps and plastics, just use your bank login information and transfer the money.

    High-end electronics are also peddled on the black market for reasonable prices. These scammers buy devices at retail price using stolen credit card information, and proceed to sell it at discounted rates online for cash.

    figure3_WH

    Read the rest of this entry »

     


     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice