Leading Strategy

Both Sides of Hacker Fraud: Victims Pay to Restore, the Wallet Is Lighter, and They Still Don't Have the Service


Both sides of fraud: why the human nature of victim despair and fraudster greed creates an escalating challenge with hacker fraud.





Victim's Story: Everything seemed normal enough, but my system crashed. I had to reinstall. Something's not right.... Not sure why, but something is off. I will spend an afternoon chasing obvious symptoms and fixes. I'm unsettled: who has my data, and what did they do with it? Frantically reading through evidence of tampering or fraud, nothing in my sent mail, oh, but if I could delete, they could delete. I can't reset my password. What do I do... what do I do? Google search after Google search. I just want to talk to a HUMAN who can make me feel better.


Fraudster's Story: I access your email to grab data sets that allow me to commit fraud. What you call identity theft, I call "account takeover". Don't worry, I don't want to move in, I don't want your identity, I just want to gain some value. What you had emailed gives me ways and methods to act as you, to trick you and, more importantly, to trick others while I am acting as you. I will shop your compromised email for data sets like personal data or financials to commit fraud. Before you detect me, I will have already taken over your data and reset your account passwords to see what I can buy online in your profile, or grab or steal. I will impersonate you, but not always in obvious ways; I have too much to gain by letting you continue. When you are on to me, I change strategies. You hate it, having figured it out, so I will send out links to trick you into installing ransomware and encrypt your hard drives, and half of these companies won't let you call for help, so I will publish a realistic-looking number and you will then pay me, the fraudster who broke you, to help you fix it!!

  1. Issue Tracker: For sites with public issue trackers, an issue created by the email-to-helpdesk feature was able to bypass support channel authentication with a GitLab email address to join the team.
  2. Support Desk Hijack: An attacker could hijack any account linked to support@(YOUR CORPORATE ADDRESS). Organizations using a cloud support method without login authentication with e-mail verification are vulnerable to support desk fraud. Even with email verification, a hijack is possible when Single Sign-On (SSO) is not enabled, creating a back door with the potential to exploit support data.

Why Hackers Do It?

Make no mistake, hacking can be very profitable, and Business Insider found hackers can make upwards of $80,000 a month using a variety of proven methods. Some hackers document their exploit kits as methods and sell them on dark web underground forums; view it as sort of the eBay of the fraud trade, where others will buy the method to commit more fraud. So you think one fraudster was bad? What about the fraudster who frauded you and, when you didn't, sold the method to dozens of others who are now also doing it?

  • Some "ethical hackers" do so to report their methods for a feeling of goodwill; others do it because it pays. Some companies paid a bug discovery bounty of up to $8000. Why would companies pay you to hack them? It's practical, really: pay one person for telling YOU they found a vulnerability, or let them release it to hundreds of others with methods to commit the same.
  • Some hackers "hack" as a game of fraud, to see how much they can earn or what damage they can do by breaking into systems before you catch them... it's not personal, it's just for fun.
  • Some hackers "hack" for vendetta.
  • Most hack because it's profitable, and there are many ways to make money. Like a businessman will improve his craft, so will hackers.

What Can You Do?

Dawn C Simmons
