Scammers defraud each other of millions on cybercrime forums


Scammers are scamming scammers and then using arbitration to settle disputes. The latest report shows that threat actors lost at least $2.5 million to each other.

Criminals are actively using arbitration rooms of popular cybercriminal forums to complain about each other, with claims ranging from $2 to $160,000.

“While investigating cybercriminal scams, we stumbled upon an entire sub-economy that includes not just lower-tier criminals but some of the most prominent ransomware groups,” said Matt Wixey, a senior threat researcher at Sophos.

The practice of scammers scamming scammers is lucrative, Sophos said after analyzing two Russian-language cybercrime forums, Exploit and XSS, and one English-language forum, BreachForums.

Fraudsters scamming other fraudsters aren’t just a financially motivated crime – personal beef and rivalries are also quite common.

“We also found incidents where scammers would scam the scammers who scammed them. In one case, we found a trolling contest set up to get revenge on a scammer trying to trick users into paying $250 to join a fake underground forum. The ‘winner’ of the contest received $100,” Wixey said.

Criminals deploy decades-old techniques, such as typosquatting, phishing, backdoored malware, and fake marketplaces, to carry out attacks against each other.

When going to arbitration – a form of alternative dispute resolution to resolve conflicts outside the judiciary courts – scammers need to present evidence. According to Sophos, it is a wealth of untapped intelligence for researchers and law enforcement.

“They provide a wealth of tactical and strategic information about their operations — something which has been an untapped resource until now. These arbitration reports also give us an inside look at attackers’ priorities, their rivalries and alliances, and, ironically, how they’re susceptible to the same types of deception used against their victims,” said Wixey.