Fraud rings have been trying to increase their membership as they have targeted users of the New Zealand auction website Trade Me with a multi-step scam, taking over sellers’ accounts and using them to recruit money mules.
Account takeover doesn’t just affect financial institutions, but any online organization that maintains billing instruments, personal information or anything valuable to fraudsters protected by a username and password. A recent case of fraudsters targeting the New Zealand auction site Trade Me shows the organized steps and measures fraudsters will go through to carry out their planned attacks. Fraudsters from Nigeria, Eastern Europe and Indonesia have been targeting seller accounts on Trade Me with phishing emails claiming to be the auction site. The email provides a link for the seller to update or confirm their account details, but this information goes directly to the fraudsters.
The second step of the attack is to take over the seller account and create a set of fake sales listings. Using the compromised seller accounts the fraudsters seem more legitimate as an auction seller with history and rapport. But what makes this organized attack interesting is the value the fraudsters see in the seller accounts they’ve taken over. Rather than try to collect payment for sales of goods they don’t have or never ship, the fraudsters use the seller accounts to initiate communications with buyers and then attempt to recruit them as money mules. The fraudsters will post listings on the auction site and interested buyers are instructed to contact the fraudsters posing as sellers by phone or email. When contacted the fraudsters then try to persuade the would-be-buyer into aiding their fraud ring by serving as a money mule.
While account takeover is pretty common, this isn’t your typical account takeover scheme. Nonetheless, it shows the planning, organization and thought fraudsters put into their scams. Keep in mind this is only one part of a fraud operation. If they are going through this much trouble to find money mules, there is likely an even greater level of organization in the attacks or schemes the fraudsters used to obtain the funds they are now trying to move.
For more information: