#2: AI-generated phishing sites, off-platform scams, privacy-enabled device shadowing
Last week, we talked about social media being used to distribute fraud tactics, AI that builds bots for fraudsters, and where fraudsters will go if (when?) law enforcement gets into Telegram. If you missed it, be sure to check it out in your inbox!
NATE'S TAKE
Top Three This Week
- “Card Declined” Phishing Sites Spike in Popularity
- Off-platform Marketplace Scams Targeting Gig-Workers
- Fraudsters Abuse Privacy Tools to Leverage Device Shadowing
1. “Card Declined” Phishing Sites Spike in Popularity
The Internet is ablaze with stories from consumers who had their credit card information stolen by reputable-looking ecommerce sites they found in trusted search results or ads. The BBB has already gone so far as to post an advisory on this trend - here’s how it works:
After clicking to make a purchase, shoppers are presented with a “card declined” message no matter what credit card they use. What they come to learn shortly after is that the entire ecommerce site is actually a phishing site that harvests credit card information.
AI-generated content fed into “one-click commerce” solutions has lowered the barrier to standing up commercial-quality online storefronts to the lowest it has ever been. In this case, it’s being used as a fraudster’s “one-click phishing” solution. Left unchecked, these sites may have a chilling effect on what’s already been a tough consumer-spending environment for many online retailers and push consumer preferences toward non-credit card payment options when dealing with smaller merchants.
2. Off-platform Marketplace Scams Targeting Gig-Workers
Many of the largest gig-marketplaces - be that food delivery, shopping services, sharing economy, or personal services - protect members by monitoring communications between them and preserving privacy everywhere they can. We’re seeing an uptick in marketplace scams related to getting a user to divulge information like their phone number or email address, which fraudsters use to target them with tailored phishing scams.
The level of personal context these scams leverage and the vulnerable populations they target can make them very effective. Once compromised, these users then have their stolen identities leveraged to commit fraud on other platforms as well, creating a real problem beyond the marketplace where the victim was originally targeted. Sadly, the people being targeted can often least afford any interruption to their access to these gig platforms. Trust and safety teams have a huge opportunity to create real positive impact for their users and the platforms they protect by getting proactive on spotting these off-platform scams.
3. Fraudsters Abuse Privacy Tools to Leverage Device Shadowing
iCloud Private Browsing has kicked off a flurry of fraudster activity, as fraudsters have figured out that it only takes a few compromised data points to completely bypass device-based fraud detection tools. Both device emulators and device-takeover malware benefit from passing through Apple’s privacy proxy, which “scrubs” the signatures that device-based fraud detection tools look for to detect fraud.
Device shadowing using IMEIs and SIM takeovers have become popular again with this development - merchants need to lean more heavily into behavioral signals and non-device linking factors to suss out where fraudsters are blending in with their good traffic.
===
That’s all for this week! For more insights, subscribe to my Fraud in Focus newsletter and get weekly updates in your inbox.
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.