The Business of Fraud: Bank Fraud
Editor’s Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF.
Recorded Future analyzed current data from the Recorded Future® Platform, dark web and special-access sources, and open-source intelligence (OSINT) between March 2021 and March 2022 to observe and identify how threat actors are conducting and advertising the following types of bank fraud: accounting, loan, checking, and wire transfer. This report expands upon findings addressed in the first Insikt Group Fraud Series report, “The Business of Fraud: An Overview of How Cybercrime Gets Monetized”.
Executive Summary
Bank fraud is the use of illegal means to obtain money, assets, or other property owned or held by a financial institution or individual by fraudulently posing as a bank, another financial institution, or another individual. As the financial sector has incorporated online and internet-connected banking into its business model, traditional means of fraudulently acquiring funds from a bank have been replicated and updated to target today’s online banking employee and consumer. Throughout Recorded Future’s “Business of Fraud” series of reports, we have identified many tactics, techniques, and procedures (TTPs) being used by cybercriminals to facilitate online criminal activities. Many of these same TTPs, from harvesting and using compromised personally identifiable information (PII) to social engineering, are also being used to conduct banking and online banking account fraud. In this report, we examined cybercriminal activities around the following types of bank fraud, both because they are often overlooked and to identify parallels with other types of financial fraud: accounting, loan, check, and wire transfer.
Key Findings
- Threat actors are offering services and selling how-to guides and tutorials that include instructions on how to manipulate financial records, get approval for loans, and purchase compromised accounts that contain loan application information. Hackers-for-hire include the capability of accessing and manipulating records and documentation in their advertisements.
- Counterfeit checks are still in high demand and are often coupled with threat actors looking to conduct wire transfers or cash out. The means of creating a counterfeit check has become more automated and customized, with threat actors operating shops that focus on this service and whose user interface is easy to follow.
- Threat actors continue to use instant messaging platforms to advertise, negotiate, and sell services and listings that facilitate check, loan, wire transfer, and accounting frauds. These messaging platforms are all-encompassing when compared to the traditional dark web ecosystem (forums, marketplaces, and shops) in that they provide instantaneous communication, greater control in adding and removing listings, and are more readily available.
Background
Bank fraud is the use of illegal means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently posing as a bank or other financial institution. While the specific elements of particular banking fraud laws vary depending on jurisdictions, the term “bank fraud” applies to actions that employ a scheme or artifice, as opposed to bank robbery or physical theft. For this reason, bank fraud is sometimes considered a white-collar crime. Online banking services now allow customers to access bank accounts and records via personal computers and mobile devices. This convenience has not only increased the attack surface but has allowed cybercriminals to creatively leverage new and old methods for conducting nefarious activities.
Threat actors gain access to online banking accounts in multiple ways, such as using a stolen identity (identity theft) to open new accounts (application fraud) or obtaining valid credentials to existing accounts (account takeover) through phishing, credential reuse, different types of malware, or purchasing them from dark web sources. Given the previous reporting done by Recorded Future that relates to financial crimes (laundering funds, using compromised PII and counterfeit documentation to open accounts, using sniffers, bank injects/overlays, infostealers to harvest banking credentials to take over accounts and payment cards, and recruiting mules and cashout services), this report will not focus specifically on compromised payment card data or one of the aforementioned topics. Rather, this report will examine how cybercriminals are conducting operations across a variety of dark web and special-access sources to facilitate the following types of bank fraud, which are not as commonly known or popularized: check, loan, wire transfer, and accounting fraud.