Summary
Scam websites have emerged as a significant threat in financial fraud, leveraging seasonal opportunities and advanced tactics to deceive cardholders and evade bank defenses. Recorded Future's Payment Fraud Intelligence team has identified that threat actors operate these scams across five stages: procurement, lure creation, delivery, website setup, and monetization. They exploit psychological triggers and seasonal trends like holidays and shopping events to maximize victim susceptibility.
Key methods include phishing kits, fraudulent merchant accounts, and live admin panels that enhance the effectiveness of scams while complicating detection. Threat actors use techniques such as typosquatting, malvertising, and smishing to deliver scam lures, while their websites are designed to trick victims into sharing sensitive information.
Scam Websites: Understanding the Threat and Combating Fraud
Scam websites have become a growing concern in recent years, posing risks not only to individual cardholders but also to financial institutions and merchants. These websites, often indistinguishable from legitimate platforms, exploit seasonal opportunities and sophisticated tactics to defraud victims at scale. This research explores how scam websites operate, the methods used by threat actors, and actionable strategies for mitigation.
Stages of Scam Website Operations
Scam website operations follow five distinct stages:
- Procurement
Threat actors gather resources such as domains, phishing kits, and fraudulent merchant accounts. Seasonal trends play a significant role, with typosquatting and scam kits tailored to holidays or shopping events like Black Friday. - Lure Creation
Scammers design lures that exploit urgency and trust. Common methods include brand impersonation, limited-time offers, and fear tactics during tax season. - Lure Delivery
Lures are distributed through online ads, smishing (SMS phishing), and phishing emails. Social media and search engines are frequently exploited for large-scale delivery. - Website Setup
Scam websites mirror legitimate sites to deceive victims into entering sensitive data. Payment forms and account update requests are designed to appear authentic. - Monetization
Threat actors leverage stolen data for card-not-present (CNP) fraud, resale on dark web forums, or fraudulent transactions through merchant accounts.
Seasonal trends significantly increase the effectiveness of scam websites. Holidays, tax filing periods, and shopping events create urgency among victims, making them more likely to fall for scams. For example, Black Friday scams use high discounts to lure victims, while tax season scams exploit fear of penalties.
Sophisticated methods like live admin panels and payment cloaking make scams harder to detect. Live admin panels allow real-time interception of victim data and OTPs (one-time passwords), enabling high-success fraud.
Additionally, threat actors use fraudulent merchant accounts linked to scam websites, allowing immediate monetization and recurring charges. These tactics complicate fraud detection and recovery efforts for banks and cardholders alike.
Mitigation Strategies
To combat scam websites, both financial institutions and individuals must take proactive measures:
- For Financial Institutions:
- Monitor dark web forums for phishing kits and merchant account offerings.
- Educate customers about common scam tactics and encourage reporting.
- Leverage Recorded Future Payment Fraud intelligence (PFI) to detect and mitigate possible scam websites using the PFI common-point-of-purchase (CPP) dataset.
- Leverage Recorded Future Brand Intelligence to detect and mitigate brand impersonation threats common among scam websites.
- For Individuals:
- Verify website URLs and use only trusted platforms for transactions.
- Avoid acting on unsolicited offers or advertisements without verification.
- Report suspected scams to banks and dispute fraudulent charges promptly.
Outlook
Scam website operations are rapidly evolving, with threat actors adopting sophisticated tactics reminiscent of early Magecart e-skimmer methods. Notable developments include scam campaigns targeting mobile users to evade detection and using low-value transactions to establish trust before initiating high-value fraud. Fraudulent merchant accounts, linked to scam websites, have become a key innovation, enabling immediate and recurring monetization while complicating detection.
This method is likely to grow in prominence, especially as future PCI-DSS v4.0 requirements limit other fraud techniques. However, regulatory measures like the US FTC's "click-to-cancel" rule and stricter Know Your Customer (KYC) protocols could significantly curb these operations by addressing loopholes that scammers currently exploit.
To read the entire analysis, click here to download the report as a PDF.