Blog / Fraud Analytics

Six common fraudsters and how they operate

Ravelin’s Director of Intelligence & Investigations shares insight on six of the most common fraudster types, and their methodologies. Which ones are targeting your business?

Six common fraudsters and how they operate

The Ravelin Investigations team is always analysing trends in fraudster behavior and keeping an eye out for fraud discussions on the dark web. The rise in popularity of fraud discussion groups has led to an increase in the number of individuals with the basic knowledge and skills to commit fraud, but we’ve also seen some more sophisticated fraudsters and behavior patterns emerge.

Ruth, Director of Intelligence & Investigations at Ravelin, shares insight into six of the most common fraudster types and their methodologies. Do you recognise these profiles as those targeting your business?

The Hungry Fraudster

The Hungry Fraudster does not usually make a living or a steady income from fraud, but is willing to commit fraud for a freebie, such as a pizza. Generally, they are opportunistic and driven by the ease of available online guides and cheap credit card details. They have a low level of operational security, but due to the sporadic nature of their fraud, they consider themselves to be at a low risk of being caught and are willing to take chances.

The rise in popularity of fraud-themed discussion platforms online (forums, messenger groups, online guides) has made it simple for this type of fraudster to get a basic education on how to commit fraud, with plenty of 30 minute tutorials available.

The Friendly Fraudster

Friendly fraud is infamously difficult to detect. Of course, genuine customers sometimes request refunds for legitimate reasons, such as a product arriving damaged or not as described. However, a friendly fraudster is a customer who has received the product but wants to get their money back too.

The friendly fraudster often uses their own payment methods, and then issues a chargeback with their bank. They may claim they have not received the item, and there is evidence that this has increased during the Covid-19 outbreak due to a rise in contactless delivery.

In some cases, friendly fraudsters can order high value items, e.g. iPhones, laptops, and return the empty box for a refund from the retailer, even filling the empty packaging with weights to avoid suspicion.

The Business Fraudster

The Business Fraudster has a significant income from fraud. Often their fraudulent orders are for high value items such as premium alcohol, electronics, clothing, tickets, software, luxury watches, jewellery, handbags etc. The business fraudster then sells these items to customers on platforms like eBay, Facebook, Telegram, Depop or dark web marketplaces.

The business fraudster has a reasonably strong level of operational security, and relies on a degree of tradecraft to avoid detection. They create lots of accounts and make bulk orders for resale later on. They may also return empty boxes to merchants and use proof of postage to claim a refund.

The Voucher Abuser

The voucher abuser takes advantage of promotional schemes and vouchers on offer from a merchant. They often abuse referral offers by creating multiple accounts to refer themselves as a new user repeatedly, and continuously benefitting from new user discounts.

The Account Thief

The account thief gains access to genuine customers’ accounts in order to monetize the account - known as account takeover (ATO). ATO attacks are increasing partly due to the combined factors of multiple breaches and genuine customers reusing the same passwords across multiple different platforms. If one platform is breached, these credentials will be available for fraudsters to try everywhere online.

Once the account thief has access to a genuine customer account, they can do several things with it:

  • Use the stored card details to make fraudulent purchases
  • Use the customer loyalty points to make purchases or transfer these into another account
  • Add a new compromised payment method and make fraudulent orders
  • Scrape the genuine customer data to resell
  • Change the account details to claim the account and lock the genuine customer out
  • Delete the existing customer account and recreate it afresh with the same details to claim it

The account thief benefits from the genuine customer’s buying history and trust with the merchant, which makes it harder to detect when an account has been compromised.

The Supplier Fraudster

The supplier fraudster impacts marketplaces which connect customers and suppliers. These fraudy suppliers abuse their trusted relationship with the merchant. For example, a delivery driver may open a fake customer account and repeatedly place orders with themselves as the driver to get paid by the marketplace. Supplier fraudsters also commonly use vouchers on fake customer accounts or try to take advantage of promotional schemes on offer.

In most cases, marketplace supplier fraud is opportunistic and not professional - it arises when the supplier sees a way to make a bit extra at the platform or the customer’s expense. In some cases, there are professional fraudster suppliers using stolen cards to place orders, or colluding with rings of fraudsters on the consumer side.

Go here to learn more about the Investigations team at Ravelin, or get in touch if you have any questions.