The rise of card-not-present (CNP) fraud in the US has caused severe consequences for individuals, reaching approximately $12.16 billion in 2021. Chinese fraudsters have developed extensive ecosystems and a value chain for their operations, primarily targeting the US due to the large population and higher credit card limits. Common methods for acquiring card information include phishing, JavaScript injection through website tampering, and stealing data via Trojan horse infections. Chinese fraudsters have created phishing kits to evade tracking and detection, which include anti-fraud features to counteract security researchers and organizations. In the monetization stage, fraudsters prefer products that can be easily resold and have also started using TikTok coins and NFTs for laundering. To prevent misuse at the monetization process, more advanced authentication methods, such as FIDO or passkeys, and more sophisticated machine learning models are necessary.
Key Points:
• Cyber attacks often result in the leakage of personal information, particularly credit card data, which can have severe consequences for individuals.
• Chinese fraudsters are responsible for 72% of total losses from CNP fraud in the US, and have established an extensive ecosystem and value chain to carry out this illegal activity.
• Common methods for acquiring card information include phishing, JavaScript injection, and Trojan horse infections.
• Phishing kits have been developed to evade tracking and detection, which include anti-fraud features to counteract security researchers and organizations.
• In the monetization stage, fraudsters prefer products that can be easily resold, as well as TikTok coins and NFTs for laundering.
• To prevent misuse at the monetization process, more advanced authentication methods and machine learning models are necessary.