The last wave of fraud lasted two months, bringing attackers $ 53 thousand per day.
Representatives of the cybercrime community told CyberNews about a fraudulent scheme with Facebook and PayPal, which brings $ 1.6 million in revenue per month. A distinctive feature of this scheme is that the victim herself voluntarily transfers money to scammers.
For the first time, the scheme began to be applied in 2016, and in recent years, scammers have again remembered about it. The last wave lasted for two months, bringing attackers $ 53 thousand in net income per day.
There are two options for a fraudulent scheme. The first option requires two victims. The first victim is a Facebook user whose account needs to be hacked, and the second is a person who transfers money. An attacker breaks into a Facebook user account and asks 5-6 of his friends to transfer money. A fraudster asks a "friend" to receive funds in his PayPal wallet, and then send the same amount to the fraudster's bank account. As a rule, a scammer explains this by the fact that he has problems with a PayPal wallet and cannot withdraw money.
An attacker does transfer funds to the victim's PayPal wallet. The victim sees that the money has been received and sends the same amount to the indicated bank account. After a day or two, the fraudster returns the payment, and the victim loses the money transferred to her. An attacker converts stolen funds into cryptocurrency and closes a bank account.
The second variant of the fraudulent scheme involves the use of a hacked PayPal wallet. That is, the attacker sends the victim funds not from his PayPal wallet, but from the hacked one. When the real owner sees an unauthorized transfer, he himself initiates a refund, and as a result, the victim again loses money.
To implement the scheme, attackers need hacked Facebook user accounts, a PayPal wallet (either their own or hacked) and a “one-time” bank account. If at some stage of the operation fraudsters encounter difficulties, they proceed to the next victim. According to a representative of the cybercriminal community, there is no point in trying too hard, since the number of hacked accounts at their disposal allows you not to focus on one victim.
Representatives of the cybercrime community told CyberNews about a fraudulent scheme with Facebook and PayPal, which brings $ 1.6 million in revenue per month. A distinctive feature of this scheme is that the victim herself voluntarily transfers money to scammers.
For the first time, the scheme began to be applied in 2016, and in recent years, scammers have again remembered about it. The last wave lasted for two months, bringing attackers $ 53 thousand in net income per day.
There are two options for a fraudulent scheme. The first option requires two victims. The first victim is a Facebook user whose account needs to be hacked, and the second is a person who transfers money. An attacker breaks into a Facebook user account and asks 5-6 of his friends to transfer money. A fraudster asks a "friend" to receive funds in his PayPal wallet, and then send the same amount to the fraudster's bank account. As a rule, a scammer explains this by the fact that he has problems with a PayPal wallet and cannot withdraw money.
An attacker does transfer funds to the victim's PayPal wallet. The victim sees that the money has been received and sends the same amount to the indicated bank account. After a day or two, the fraudster returns the payment, and the victim loses the money transferred to her. An attacker converts stolen funds into cryptocurrency and closes a bank account.
The second variant of the fraudulent scheme involves the use of a hacked PayPal wallet. That is, the attacker sends the victim funds not from his PayPal wallet, but from the hacked one. When the real owner sees an unauthorized transfer, he himself initiates a refund, and as a result, the victim again loses money.
To implement the scheme, attackers need hacked Facebook user accounts, a PayPal wallet (either their own or hacked) and a “one-time” bank account. If at some stage of the operation fraudsters encounter difficulties, they proceed to the next victim. According to a representative of the cybercriminal community, there is no point in trying too hard, since the number of hacked accounts at their disposal allows you not to focus on one victim.