In this Help Net Security video, Roman Faithfull, Cyber Intelligence Analyst at Digital Shadows, talks about how threat actors mobilize new members within the cybercriminal ecosystem.
Cybercriminal forums are awash with users advertising and requesting the services of developers to design fresh new malware. Developers may be recruited to work in-house, with a monthly salary and other benefits, or they may be contracted ad hoc, with a one-time payment upon completion of commissioned work.
Recruiters often advertise for vishing roles based on language competency and regional accent (good luck making a convincing English-language vishing call if you don’t speak English), gender (many attackers believe that victims are more likely to believe a woman’s voice), and technical knowledge (someone pretending to be calling from your bank shouldn’t be stumped by what “overdraft fees” are or what a CVV is).
Although there are widespread complaints on cybercriminal forums that “carding is dead”, the number of dedicated carding forums and threads advertising stolen card information indicate carding is still an important part of the underground ecosystem in 2022.