This Week: Scams "R" Us and Police Database Mischief

When all of your friends have store credit except you.
February 10, 2017

The Terbium Analyst Team is on the front line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

This week a toy retailer found evidence of rewards scamming, and the government discovered that password re-use is just a hop, skip, and a jump away from a major breach. With Valentine’s Day around the corner, some people are discovering a catfish instead of their future Romeo.

“R” You Scamming Me?

Toys “R” Us notified members of their Rewards “R” Us program when they discovered evidence of someone attempting to access user accounts without authorization. In an official statement, the company stated the incident appears to be related to an earlier online breach not associated with Toys “R” Us – that is, credentials leaked from a separate breach entirely.

From airlines to hotels to retailers, rewards scams can impact any company that runs a rewards program. Cyber criminals aim to get as much value from a set of credentials as possible, including the financial benefits tied up in rewards accounts. These rewards can often be turned into store credit, which is all the more easily laundered into cold hard cash.

Another vBulletin Bites The Dust

More than 700,000 records from PoliceOne forum members are being sold on the dark web for the low, low price of $400. The database, which was originally stolen from the law enforcement news site in 2015, includes usernames, email addresses, dates of birth, hashed passwords, and other identifying data collected by the site.

The attacker claims to have used a known SQL exploit against PoliceOne, which was reportedly running the infamously buggy vBulletin forum software. The site quickly pulled its forums offline after being notified of the breach.

The listing’s description notes that the 290MB of data contains “emails from NSA, DHS, FBI and other law enforcement agencies as well as other US government agencies,” which is particularly troubling.

Password re-use is ubiquitous, and trying re-used credentials is a common method of gaining unauthorized access to other systems (see the Toys “R” Us issue above). But when those credentials can be used to gain access to law enforcement and government portals, the effects can be far more severe.

One more thing… Romance (Fraud) is in the Air

Don’t get catfished this Valentine’s Day. According to the BBC, online dating scams are at a record high. There were 3889 victims of “romance fraud” last year. The National Fraud Intelligence Bureau reported 3363 cases with losses falling to £25,882,339 in 2015, and a record £39 million in related fraud cases in 2016. Looks like these bachelors and bachelorettes are getting thorns instead of roses.
