Thursday, September 4, 2008

[Fraud Series: Topic 4] Fraudsters are no longer showing site loyalty

I’ve been analyzing the online behavior patterns of criminals for about 4 years now. When I first started, the criminals were clearly “specialists” targeting a particular vertical market with their organized crime operations, e.g., online gaming, Internet dating, eCommerce, or financial institutions. They would craft their schemes to specifically exploit a victim Web site until they got caught. Then, they would simply shift their focus over to the next Web site with similar vulnerabilities in that same vertical market.

However, more recently I’ve been noticing fraud rings crossing over vertical markets and perpetrating their crimes and scams on multiple Web sites simultaneously. I’ve seen, for example, criminals who have been committing Internet dating scams now moving into other vertical markets like eCommerce. In one case, a fraudster was buying “items” at an online jewelry site using a stolen credit card. Simultaneously, he or she was creating accounts on an Internet dating site and paying for the subscription using a stolen credit card.

In conclusion, fraudsters are “diversifying” their operations and committing various forms of fraud across a spectrum of vertical markets in order to increase their return on investment. However, I do still see the “old school” fraudsters sticking it out within the same vertical and focusing their efforts on overcoming the fraud prevention tools deployed within that vertical market.

My advice is simply this: don’t limit yourself to fraud strategies specific to one vertical market. The most effective fraud strategies today are the ones that leverage fraud intelligence collected from across the Internet, not just from a subset community.