The IT Nerd

With increasing sanctions against cryptocurrencies, deflating value and increased attention from law enforcement, cryptocurrency is still the top vehicle for cybercriminals to launder money. Surprisingly, the Dark Web is swarming with counterfeit currency/banknotes impacting individuals and businesses on a large scale.

According to a new report from Dov Lerner, Head of Threat Research at Cybersixgill, there was a 91% increase in the number of deep and dark web market listings advertising counterfeit banknotes, with the top 10% of cybercriminals posting on it dominating 80% of the conversation.

You can read the full report here.

Cybersixgill has published a new report analyzing how scammers commit refund fraud to steal from retailers on the heels of the RH-ISAC releasing its cyber threat trends, which highlights return fraud as a key area of concern that’s trending in the retail and hospitality industry during this holiday season. 

Threat Intelligence Researcher at Cybersixgill, Adi Bleih, examines refunding tactics increasingly growing in popularity on underground forums, where scammers share how they make cash by defrauding retailers, including a breakdown of the top 10 most mentioned brands on the dark web for retail fraud in 2022.

The report is worth your time to read. Especially if you’re selling online this holiday season.

Cybersixgill has found that hackers are selling compromised sports streaming passwords on the underground. Specifically, over the past 2 years, Cybersixgill has found 31,324 posts sharing or selling streaming accounts on underground forums, markets, and messaging platforms and 17,978 posts in access markets that included credentials for a streaming service of pro sports leagues such as the NBA, NFL, MBL, and NHL.

Knowing that games have been increasingly broadcasted on cable television and subscription-only networks that cost hundreds of dollars, hackers are broadening their scope of techniques to harvest credentials. 

You can find out more about this here.

It’s the time of year where we often get gift cards for people. But after reading this report from Cybersixgill, I might rethink that.

Adi Bleh, threat analyst at global threat intelligence firm, Cybersixgill, has found that cybercriminals are using automated hacking tools to generate gift cards for top brands, including Amazon, Netflix, PayPal, Spotify, and Sony. In addition to creating these fake gift cards to steal from retailers, Adi has also uncovered that cybercriminals are using gift cards to launder money and evade law enforcement. 

So, how do you protect yourself? Here’s some tips from Cybersixgill:

Consumers should check their gift card balance regularly and report any suspected fraudulent activity to the relevant retailer. 

Retailers and gift card issuers, meanwhile, should monitor the tools available on the underground so they can create countermeasures. They should use more complex codes to prevent generators from enumerating the numbers, and they should implement controls to detect and block checkers from validating a large quantity of codes. Furthermore, they should monitor their gift cards’ internal traffic to detect unusual expenses, locations, multiple cards held by one customer, and other activities that indicate fraudulent activity.

I can easily see this becoming a huge problem as we approach the holiday season. Thus both retailers and consumers need to be on guard.