Twitter CEO, Jack Dorsey, spoke perhaps one of the most memorable references to social media when he dubbed it the new “public square.” It is true that social media has become the gathering place for all kinds, yet it is not always the right kind. Fraudsters and hackers have been flooding the social scene in recent years, coming together to sell and trade illicit goods. If you search for “botnet,” “hacking,” “CVV2,” or any other cybercrime-related term on most social media platforms, you will be surprised to find a plethora of fraud groups and cybercriminal activity operating in plain sight.
What started out a few short years ago as random posts trading stolen credit cards or hacking tips and the setup of fake business pages has spread like a common virus to nearly every popular social media platform. In 2018, social media fraud attacks increased 43 percent, and fraudulent accounts were reported to outnumber real business accounts.
The power of modern social media and networking platforms to keep exclusive communities of like-minded people connected continues to be co-opted by fraudsters looking to take advantage of the anonymity, usefulness, and global reach of these applications to profit. Fraudsters continue to expand their activities to new platforms including WhatsApp, Telegram, Instagram, Twitter, Snapchat and others. You can even find an abundance of cybercrime tutorials on YouTube.
Telegram Bots for Fraud Automation
As part of the social media revolution, the Telegram messaging app has particularly become a sought-after tool on the fraud scene. The app is growing rapidly, adding 350,000 new users daily with availability in 13 languages, and it allows users to create groups with up to 30,000 members to share files and documents of nearly any type. It even allows bots to be set up for specific tasks.
Until recently, fraudsters mainly utilized Telegram groups and channels to organize their communities, share information, and advertise fraud products and services in bulk. However, the popular Telegram bot feature has caught wind and caused a surge in use among the fraudster community as a way to facilitate and automate their activities. Some provide automated tools for common actions conducted by fraudsters, whereas others provide actual fraud services via online stores.
One popular fraud Telegram bot is Wall Street Store Bot (@WALL_STREET_STORE_BOT). This credit card store, which started off as a command-only bot, has since added user-friendly buttons that allow fraudsters to receive information on balance, purchase history and more. The most valuable feature is an “Available Cards” button which allows fraudsters to download a file containing all cards available on the store. Wall Street Store Bot also includes a credit card checker, an auto-refund system, a user ranking system to encourage purchases, and a user-specific Bitcoin wallet to add funds.
In addition to the bot itself, the store operates a separate 24/7 support channel in English and Russian, which is used both as a customer service platform and a channel to post news and updates about the store and its available credit card database.
Another popular Telegram bot is Mr. Banker Bot (@MrBankerBot)which was developed by the highly popular @PerfectCarders channel in the Brazilian fraud community. Its main features include the sale of credit cards and access to “Spectrum Checker,” the official credit card checker of the channel. A weekly subscription goes for R$60 (~$16USD) or a monthly subscription for R$250 (~$65USD).
Some fraudsters have even turned Telegram bots into a fraud-as-a-service offering. Roskomnadzor (@rskmBot) is one example of such a service for Telegram bots and online webstores offered by Russian-speaking fraudsters to the fraud community. The service has an official website and a number of Telegram channels for customer service, technical support and news and updates (which even provides coupons!) and is frequently advertised in highly-regarded fraud forums and marketplaces. Orders are made via a dedicated Telegram bot where customers can choose a plan out of the following options:
“White Thematic” for $6 per month
Permitted Items:accounts of any type, credit cards, IDs, virtual wallets, counterfeit or stolen documents (e.g. passports, certificates, insurance)
Prohibited Items: the bot’s control panel, extremist material, explosives, weapons, drugs, radioactive substances, gambling equipment, and more
“Black Thematic” for $80 + 1% of the turnover per month
Permitted Items:the sale of any goods is allowed including hardware (such as skimmers), illegal substances and more
Prohibited Items: the bot’s control panel and extremist material
The use of Telegram bots not only demonstrates the continued growth of social media use by fraudsters for illicit activity, but also the use of advanced technologies to automate their business.
Telegram bot stores possess several benefits for fraudsters. Not only do they eliminate the need to register a host and domain, all the typical security challenges that may impact a website, DDoS attacks perhaps most notably, become irrelevant. The use of the Telegram platform also eliminates fraudsters’ need to protect and hide their website from law enforcement.
While the implementation of Telegram bots in the fraud context is relatively new, it is definitely a trend worth monitoring in the coming year.
*** This is a Security Bloggers Network syndicated blog from RSA Conference Blog authored by Heidi Bleau. Read the original post at: http://www.rsaconference.com/blogs/social-media-the-new-public-square-for-fraudsters