This Week: Scams "R" Us and Police Database Mischief

When all of your friends have store credit except you.
February 10, 2017

The Terbium Analyst Team is on the front-line of combatting dark web myths and legends. Whether it's a threat report, white paper, or blog post, the Analyst Team's job is to know things and speak intelligently about them. Other interests include weightlifting, chocolate, and accumulating obscure dark web trivia to amuse and confuse our co-workers.

This week a toy retailer found evidence of rewards scamming, and the government discovered that password re-use is just a hop, skip, and a jump away from a major breach. With Valentine’s Day around the corner some people are discovering a catfish instead of their future Romeo.

“R” You Scamming Me?

Toys “R” Us notified members of their Rewards “R” Us program when they discovered evidence of someone attempting to access user accounts without authorization. In an official statement, the company stated the incident appears to be related to an earlier online breach not associated with Toys “R” Us – that is, credentials leaked from a separate breach entirely.

From airlines to hotels to retailers, rewards scams can impact any business. Cyber criminals aim to get as much value from a set of credentials as possible, including the financial benefits tied up in rewards programs. These rewards can often be turned into store credit, which is all the more easily laundered into cold hard cash.

Another vBulletin Bites The Dust

More than 700,000 records from PoliceOne forum members are being sold on the dark web for the low, low price of $400. The database, which was originally stolen from the law enforcement news site in 2015, includes usernames, email addresses, dates of birth, hashed passwords, and other identifying data collected by the site.

The attacker claims to have used a known SQL exploit against PoliceOne, which was reportedly running the infamously buggy vBulletin forum software. The site quickly pulled its forums offline after being notified of the breach.

The listing’s description notes that the 290MB of data contains “emails from NSA, DHS, FBI and other law enforcement agencies as well as other US government agencies,” which is particularly troubling.

Password re-use is ubiquitous, and exploiting it is a common method of gaining unauthorized access to other systems (see the Toys “R” Us issue above). But when those credentials can be used to gain access to law enforcement and government portals, the effects can be far more severe.

One more thing… Romance (Fraud) is in the Air

Don’t get catfished this Valentine’s Day. According to the BBC, online dating scams are at a record high. There were 3889 victims of “romance fraud” last year. The National Fraud Intelligence Bureau reported 3363 cases with losses falling to £25,882,339 in 2015, and a record £39 million in related fraud cases in 2016. Looks like these bachelors and bachelorettes are getting thorns instead of roses.
