Search This Blog

Showing posts with label Sift. Show all posts

Sift Exposes New Telegram Fraud Scheme to Exploit Restaurants and Food Delivery Apps


As the popularity of food delivery apps is increasing with each passing day so is the revenue,  as a consequence, these apps have been on the hit list of scammers. Sift, a US-based digital trust and safety firm has stated that it has spotted a fraud scheme where scammers leverage the chatting app Telegram to steal from restaurants and food delivery apps.

Sift’s Digital Trust and Safety experts discovered that threat actors are promoting their services on Telegram forums to buy food and beverage orders at steep discounts, using stolen payment information on behalf of clients.

The methodology used by fraudsters

Professional scammers advertise in Telegram forums, such as ‘Fraud Market’ that they can illicitly buy food and beverage orders at a steep discount, typically 60-75% off. Diners who are tempted to take advantage of this offer direct-message the scammers along with a screenshot of their food app shopping cart and their delivery address to place the order.

The scammer accepts the order and the diner pays the scammer using cryptocurrency such as Bitcoin or Ethereum via PayPal, Venmo, or Cash App and the scammer covers the whole cost via a new account, stolen credit card information, or a hacked account.

Brittany Allen, trust and safety architect at Sift explained that “the Dark Web can be difficult to access and with frequent marketplace shutdowns by law enforcement, bad actors are looking for new places to commit a crime. End-to-end encrypted messaging platforms like Telegram are attractive options as they are more accessible and it is easier to go undetected when committing low-level fraud.”

Sift experts disclosed that from the third quarter to the fourth quarter of 2020 there was a 14% increment in payment scams targeting restaurants and food delivery apps. This is not the first scheme that Sift experts have uncovered to exploit the restaurants and food delivery services.

How Content Abuse is giving rise to online Frauds, explains SIFT

A report from Sift on 'Content Abuse and the Fraud Economy' explores the rising arena of online frauds and content abuse in 2020, detailing how content abuse tricks users for falling for the fraud and giving it an air of legitimacy.

The report also exposes a fraud ring in Russia that tested credit cards and wallets on e-commerce websites and posted false content.

Content Abuse 

The data used in the report came from 34,000 sites and with a survey of over 1000 users by Sift on Content Abuse.

Understanding the "Fraud Supply Chain: A Network of Content Abuse, Account Takeover (ATO) and Payment Fraud" -

As a market works on a proper chain of demand and supply similarly these fraud rings have a proper network where content abuse works as a bridge between Payment fraud and account takeover.

Account Takeover exposes financial credentials and includes stolen cards and debits or wallets that can be used for performing payment fraud whereas content abuse works as a cushion and bridges account takeover and payment fraud. It convinces users to share details or send money through fake messages, reviews, phishing, or romance scams. Payment fraud then is the goal of the above two where buying and selling could occur via the cards and info collected by Account Takeover and Content Abuse.

 According to the report fake content can be found in plenty on the Internet and the numbers are shocking. Consumers find 70% of content on social media fake, 40% on classified, 21% on travel sites, and 15% on Job Boards.

 The Bargaining Bear

Sift's data science team in June also discovered a fraud ring on an e-commerce market place that exploited account takeover and content abuse to check the credentials of stolen debit cards and wallets to see if they worked and how much were they worth.

 "To test dozens of stolen cards, they “sold” the items to each other, after “haggling” those prices down to $1.00 USD— a typical price used to test hijacked payment details. Each listing was uncharacteristic for this marketplace, purchased on the same day, and included several fake reviews to strengthen the appearance of authenticity.", stated the report. 

 The team working from Russia, made various sellers profiles (with the same IP address) and sold stuff at cheap prices and bought the materials themselves leaving fake content listings that gave a legitimate reputation to the seller for easy card testing.