Cybercriminals Fall for Scams Too

People have been getting scammed over the internet ever since they started logging on. While it might not surprise many that cybercriminals are not above scamming their own kind, one would think there might be some unspoken rule not to target their own — honor among thieves. However, a new report by Sophos suggests otherwise.

Cybercriminals have their own justice system of sorts, where administrators ban scammers and stop them from using the forum where they interact with other hackers. However, that’s not enough to stop some. Here is how they fall victim to the same scams they employ.

Scamming Scammers Is a Big Business

Matt Wixey — the senior threat researcher at Sophos — states how the company monitored website marketplaces where cybercriminals conduct business with each other. The investigation mainly focused on three websites. The first one is BreachForums, an English forum that replaced RaidForums, which was shut down by U.S. law enforcement.

The other two are Russian websites — Exploit and XSS. Wixey explains cybercriminals use these marketplaces to sell malware, hire other criminals to help with work, or auction credit card information. However, many of these transactions go awry, and as the report indicates, the irony is lost on the perpetrators.

The report mentions scamming crimes of this sort have been going on for years but are not widely investigated due to it happening to other criminals. These cybercrimes have formed a big business and have become a sub-economy. Cybercriminals have lost more than $2.5 million in the last year across these three forums.

Wixey also mentions that the reason for these online scams is often not about money, as one would naturally assume, but in many cases about rivalries and wanting to destroy reputations or personal beef. He goes on to say that not only small-time cyber criminals commit or fall for these crimes but also prominent threat actors.

These scams have gotten so bad that the forums' administrators have started to step in. All three of the websites have arbitration rooms. This is where scamming victims can file complaint reports and moan about incidents to the marketplace admins.

How Are Scammers Getting Scammed?

In the report, Wixey shows many screenshots of the scams witnessed. One of the most common was rip-and-run scams — where a seller sends the item but the recipient refuses to pay, or the seller receives the money but does not send the item.

However, there were also more elaborate and complex scams, such as backdoor malware, blackmail, and even fake guarantors — someone acting as the transaction’s intermediary. Wixey mentions an instance where a scammer took revenge and scammed the person that scammed them.

Wixey says that scam reports were filed for as little as $2, and in one extreme case, someone was scammed out of $130,000. This scenario involved someone selling a Windows kernel exploit. The seller handed the exploit over to the buyer with the agreement they would test it and then send payment.

However, at every stage, the buyer had excuses for not paying. The scam report was filed two months after the tradeoff and the seller had still not received payment. The victim stated they had done business with the buyer in the past and that some trust was involved.

A serious case of instant karma appeared in part two of the report Sophos released. This incident involved a cybercriminal buying a fake copy of Axie Infinity — a cryptocurrency game — with an uninvited guest attached.

Scams that target cryptocurrency — often called a rug pull — are not new but can be devastating. The idea is to steal the funds legitimate users were transferring. However, this is not how it played out. The seller of the item had inserted backdoor malware into the product. Instead of sending the funds to the person who bought the scam, it was sent to the seller.

Why Scammers Getting Scammed Is Relevant

The forum admins are aware of this scamming situation and have implemented warning signs on their sites to invoke caution from users. Wixey mentions that another marketplace website — Verified — has stated it’s aware of fake links to its site and instead advises users to utilize plugins to detect scams.

BreachForums took this one step further and posted a list of legitimate domain names it uses with a transparency report to show people it still has control of the website. Wixey says that most forums urge users to employ guarantors. These middlemen can help cybercriminals avoid being scammed.

However, this method might be ineffective, as Wixey has mentioned seeing scam reports about fake intermediaries. Wixey says the main way of dealing with these scams is the dedicated arbitration rooms that have been created. The reason why scammers getting scammed is relevant is due to the evidence they provide.

Admins require proof to take scam claims seriously. Typically cybercriminals are very cautious, especially on forums. However, Wixey says caution flies out the window when they are the ones being scammed.

They are happy enough to provide evidence such as screenshots of private conversations, chat logs, negotiations, identifiers and source codes. Wixey states these scam reports are filled with extensive intelligence that can be used to provide insight into how cybercriminals operate and interact with one another.

All this can be utilized to better understand and catch threat actors. Wixey mentions that monitoring these scam reports brought to light a large elaborate scam involving creating a fake replica of one of these marketplaces. When users tried to join this site — thinking it was the real deal — a $100 activation fee would greet them. Wixey and his team dug further into this scam and found another 19 websites created by the same group that functioned similarly.

The Irony in Scamming a Scammer

The irony of scamming a scammer is lost on these threat actors. Although scam reports can be considered humorous, they also serve as a valuable asset to help apprehend these criminals. Unfortunately, many innocent people have fallen victim to scams, but it’s somewhat comforting to know that scammers fall for them, too.