Refund Fraud-as-a-Service Ads on Hacker Forums Increase by 60%Refund Fraud-as-a-Service Ads on Hacker Forums Increase by 60%
Research from Netacea reveals that as of September 2022, there are over 1,600 professional refund service adverts on hacker forums.
October 12, 2022
Cybercrime’s continued shift to a service-driven economy has enabled several new professionalized hacking services with Refund Fraud-as-a-Service being one of the latest to rise in popularity over the last few years. This is according to Netacea’s latest threat report, which researched rising trends across a multitude of hacking forums.
Refund fraud is the abuse of refund policies for financial gain and costs e-commerce businesses more than $25 billion every year. Those interested in committing refund fraud can outsource the process to professional social engineers offering Refund-as-a-Service. This poses a significant challenge to retailers, as previously legitimate customers can enlist highly experienced fraudsters to perpetrate this fraud on their behalf, making it difficult to identify fraudulent activity. As online shopping continues its upward trend, professional fraudsters will look to cash in on the opportunity.
Netacea’s research also found:
Over 540 new refund fraud service adverts were identified in the first three quarters of 2022
Refund fraud services increased by almost 150% from 2019 – 2021
Netacea’s report explores the current structure of the underground Refund-as-a-Service market, the changing tactics and methods used by adversarial groups to perform refund fraud, and how threat intelligence and fraud teams can work collaboratively to effectively combat it.
“As shown in the rise of ransomware-as-a-service attacks, cybercriminals have shifted to a service-based economy — and refund fraud is no exception” said Cyril Noel-Tagoe, Principal Security Researcher, Netacea. “As we approach Black Friday and the holiday season, e-commerce stores should take the necessary steps to reduce their risk of refund fraud, including educating employees on the methods and tactics fraudsters take.”
Additional steps include:
Delivery carriers should replace or complement signatures with one-time passwords to prevent refund fraudsters from claiming that packages did not arrive.
E-commerce stores and delivery carriers should work together to look for patterns in their data sets that may indicate fraudulent activity.
Reputation is power in the underground market. In the instance that an e-commerce store identifies the claim to be fraudulent after a refund payment has been made, the store should rebill the customer’s account. An influx of rebill complaints from customers may cause the refund fraud service to drop the retailer from their store list, to avoid negative reviews.
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Use Threat Intelligence to Mitigate Third-Party Risk
Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks