Refund Fraud-as-a-Service Ads on Hacker Forums Increase by 60%

Research from Netacea reveals that as of September 2022, there are over 1,600 professional refund service adverts on hacker forums.

October 12, 2022

2 Min Read

PRESS RELEASE

Cybercrime’s continued shift to a service-driven economy has enabled several new professionalized hacking services with Refund Fraud-as-a-Service being one of the latest to rise in popularity over the last few years. This is according to Netacea’s latest threat report, which researched rising trends across a multitude of hacking forums.

Refund fraud is the abuse of refund policies for financial gain and costs e-commerce businesses more than $25 billion every year. Those interested in committing refund fraud can outsource the process to professional social engineers offering Refund-as-a-Service. This poses a significant challenge to retailers, as previously legitimate customers can enlist highly experienced fraudsters to perpetrate this fraud on their behalf, making it difficult to identify fraudulent activity. As online shopping continues its upward trend, professional fraudsters will look to cash in on the opportunity.

Netacea’s research also found:

  • Over 540 new refund fraud service adverts were identified in the first three quarters of 2022

  • Refund fraud services increased by almost 150% from 2019 – 2021

Netacea’s report explores the current structure of the underground Refund-as-a-Service market, the changing tactics and methods used by adversarial groups to perform refund fraud, and how threat intelligence and fraud teams can work collaboratively to effectively combat it.

“As shown in the rise of ransomware-as-a-service attacks, cybercriminals have shifted to a service-based economy — and refund fraud is no exception” said Cyril Noel-Tagoe, Principal Security Researcher, Netacea. “As we approach Black Friday and the holiday season, e-commerce stores should take the necessary steps to reduce their risk of refund fraud, including educating employees on the methods and tactics fraudsters take.”

Additional steps include:

  1. Delivery carriers should replace or complement signatures with one-time passwords to prevent refund fraudsters from claiming that packages did not arrive.

  2. E-commerce stores and delivery carriers should work together to look for patterns in their data sets that may indicate fraudulent activity.

  3. Reputation is power in the underground market. In the instance that an e-commerce store identifies the claim to be fraudulent after a refund payment has been made, the store should rebill the customer’s account. An influx of rebill complaints from customers may cause the refund fraud service to drop the retailer from their store list, to avoid negative reviews.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights